Overview
The RightLink 10 agent has historically run as a root/Administrator user, primarily because it is a systems management agent and systems management processes often requires root/Administrator privileges.
Starting with version 10.1.2, RightLink will no longer be run as the root user,
but instead be run under the rightlink
service account with the ability to
sudo to root as needed. Scripts/recipes run through RightLink will need to sudo
to root as needed.
This was done in order to help provide finer grain control over auditing and systems management actions via sudo logs and configuration.
Starting with version 10.2.1 for Windows, RightLink will no longer run as the
Administrator user. By default, RightLink will run under a Local Administrator
account called RightLink
. RightLink may also be run under a Domain account,
though the account should have Administrative permissions for the box.
RightLink operation
On Linux, RightLink can operate without root privileges. The only operations that require sudo are:
- rebooting or shutting down the server
- RightScripts that use sudo to gain security privileges of any user, including 'root'
- in order to change system configuration
On Windows, RightLink should have Administrative privileges to reboot/shutdown the server.
Usage
Since RightLink now runs without elevated permissions by default, sudo must be used for any administrative actions in RightScripts. For example:
apt-get install -y collectd
Will change to:
sudo apt-get install -y collectd
If a RightScript contains numerous options that require administrative permissions, the hashbang of the script may be altered to run the entire script as sudo. For example:
#!/bin/bash
Can be changed to:
#!/usr/bin/sudo /bin/bash
Configuration
During RightLink installation, a rightlink
user is created for the rightlink service. In order to be able to do systems configuration, sudo permission is given by default to the rightlink
user.
Sudo permission for the rightlink
account can be locked down to more specific permissions by altering the
sudo config at /etc/sudoers.d/90-rightscale
. This file is created during RightLink
installation but is not subsequently modified and may be altered as needed.
If modifying sudo, make sure to add in a minimal set for RightLink to function,
detailed in RightLink Operation
, shown below:
# Rightlink service startup requires these directives:
Defaults:root !requiretty
Defaults:rightlink !requiretty
Defaults:rightlink !env_reset
root ALL=(ALL) SETENV:ALL
# Blanket permissions. If you wish to remove the NOPASSWD:ALL line and tighten
# permissions, you must add in permissions for lifecycle management (reboot/terminate)
# via /sbin/init. The single line below would allow this:
# rightlink ALL=(root) NOPASSWD:/sbin/init
rightlink ALL=(ALL) SETENV:NOPASSWD:ALL
An example of a more locked down config is show below:
# Rightlink service startup requires these directives:
Defaults:root !requiretty
Defaults:rightlink !requiretty
Defaults:rightlink !env_reset
root ALL=(ALL) SETENV:ALL
# Needed by Rightlink for lifecycle management (reboot/terminate)
rightlink ALL=(root) NOPASSWD:/sbin/init
# Some user directives examples.
# Rightlink can only start/stop services
rightlink ALL=(ALL) NOPASSWD:/sbin/service
Upgrade
An in-place upgrade from 10.0.x to 10.2.x using the RightLink Base ServerTemplate upgrade script is not possible, as the init scripts and Base ServerTemplate scripts have changed in incompatible ways.
If a running instance was enabled, you may disable the server to completely remove RightLink, and then enable the instance with the a new 10.2.x compatible ServerTemplate.
If you launched a RightScale Server directly by bootstrapping via cloud-init, then there is currently no way to upgrade from 10.0.x to 10.2.x - you must relaunch a new server with the RightLink 10 10.2.x Linux / Windows Base ServerTemplate.