RVY200758: How to Execute RVIA as Non-Root (Non-Windows)

It is possible to execute RVIA as non-root by changing the permissions in retrospect. How this works is described in the following.

After the installation no cronjobs are setup - this is done manually when calling rvia getconfig <url>. Before calling RVIA for the first time, it is possible to modify the permission level for the installation directory to grant a specified user (for this example the user will be referred to as <myuser>) writing permissions for the /opt/rvia directory.

This user is now able to call ./rvia getconfig <url> using the user context. RVIA will now load the rvia.cfg and will write the file to the installation directory with user permissions only. This also applies to the log file and the cronjobs in the Crontab of the user.

Using a custom command for the schedule that should be used by RVIA, it is possible that only ndtrack will be executed using root permissions.

RVIA is executing the following steps when uploading inventories:

  1. RVIA renames the files for the files to be conform to Unicode.
  2. RVIA reads the files.
  3. RVIA uploads the files.
  4. Afterwards, RVIA deletes the files.

Using the custom command, this behavior will also be rectified to no longer require root permissions.


Example Custom Command:

schedule:command:sudo /opt/rvia/rvia inventory && sudo chown <myuser> /opt/rvia/results/*.ndi:0 0 * *

The custom command can now be entered by either using the TEXT VIEW and directly entering it (Screenshot 1) or by using the PROPERTIES VIEW and using the Add Schedule option (Screenshot 2).



Screenshot 1


Screenshot 2



First the command /opt/rvia/rvia inventory will be executed with root permissions and after the inventory was executed successfully (&&) the command chown will be executed with root permissions. The user <myuser> will now be the owner of *.ndi files in the folder /opt/rvia/results. Therefore, RVIA will be able to rename and delete the files using user context.



It is necessary to edit the sudoers file (/etc/sudoers) to be able to execute the commands /opt/rvia/rvia inventory and chown <myuser> /opt/rvia/results/*.ndi without asking for a password.

The following lines need to be added to the sudoers file:

<myuser> ALL= (root) NOPASSWD: /opt/rvia/rvia inventory

<myuser> ALL= (root) NOPASSWD: /usr/bin/chown <myuser> /opt/rvia/results/*.ndi




Powered by Zendesk