Bitnami error: Execution by root not allowed
904 views
Skip to first unread message
Richard Esplin
Sep 2, 2013, 12:37:39 PM9/2/13
to alfresco-techn...@googlegroups.com
I have been playing with the new 4.2.d community release of Alfresco, and came across a startup error that is new in this release.
I normally start an Alfresco test environment by running "sudo ./alfresco.sh" in my Alfresco directory. But in this release I get the error:
"Execution by root not allowed"
Now to be clear, running as root is not recommended. It is more secure to run Alfresco as a normal user, and use some process like iptables, privbind, or authbind to give the application access to the privileged ports.
But that is work I don't want to undertake for my development, test, and demo environments. If you want to run Alfresco as root, you need to comment out the check in the alfresco.sh file.
The check is at the top of that file:
# Avoid root execution
#if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
# echo "Execution by root not allowed"
# exit 1
#fi
Then you can run alfresco.sh as a privileged user.
(It looks like the script is also silently disabling SELinux. Not good.)
Cheers,
Richard
I normally start an Alfresco test environment by running "sudo ./alfresco.sh" in my Alfresco directory. But in this release I get the error:
"Execution by root not allowed"
Now to be clear, running as root is not recommended. It is more secure to run Alfresco as a normal user, and use some process like iptables, privbind, or authbind to give the application access to the privileged ports.
But that is work I don't want to undertake for my development, test, and demo environments. If you want to run Alfresco as root, you need to comment out the check in the alfresco.sh file.
The check is at the top of that file:
# Avoid root execution
#if [ `id|sed -e s/uid=//g -e s/\(.*//g` -eq 0 ]; then
# echo "Execution by root not allowed"
# exit 1
#fi
Then you can run alfresco.sh as a privileged user.
(It looks like the script is also silently disabling SELinux. Not good.)
Cheers,
Richard
Samuel Langlois
Sep 2, 2013, 1:09:26 PM9/2/13
to alfresco-techn...@googlegroups.com
Hi Richard
This piece of script is actually added to alfresco.sh dynamically, at
installation time.
You can have a look at the following file to see how this is done:
http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/installer/bitrock/ctlscript.xml
The logic is a bit convoluted, but it means that if you installed as
root, you can only run alfresco as root, and if you installed as
non-root, you can only run as non-root.
This probably makes sense, since the installer tweaks Linux services,
may deal with privileged ports, etc.
It has been the case as far as subversion's memory goes, apparently
Do you remember if you installed as non-root? Can you try installing as
root, to see if you get a different result?
Hope this helps!
Samuel
This piece of script is actually added to alfresco.sh dynamically, at
installation time.
You can have a look at the following file to see how this is done:
http://svn.alfresco.com/repos/alfresco-open-mirror/alfresco/HEAD/root/installer/bitrock/ctlscript.xml
The logic is a bit convoluted, but it means that if you installed as
root, you can only run alfresco as root, and if you installed as
non-root, you can only run as non-root.
This probably makes sense, since the installer tweaks Linux services,
may deal with privileged ports, etc.
It has been the case as far as subversion's memory goes, apparently
Do you remember if you installed as non-root? Can you try installing as
root, to see if you get a different result?
Hope this helps!
Samuel
Richard Esplin
Sep 3, 2013, 3:50:49 PM9/3/13
to alfresco-techn...@googlegroups.com, Samuel Langlois
Very insightful. Thank you Samuel.
I always run my setup script as a normal user. The script obtains sudo earlier to manage the database, but does not call the installer with sudo. However, I always run the application through alfresco.sh with root permissions in order to not worry about getting the correct ports whitelisted.
Your explanation makes sense and it seems like reasonable behavior. I am surprised it has been in the source for some time as I never saw this behavior before 4.2.d. When I get a chance, I will have to see if I can trace that history in more detail.
I just realized that I used the wrong term in the subject line earlier. I am using the Bitrock installer, not the Bitnami images.
Thank you again,
Richard
I always run my setup script as a normal user. The script obtains sudo earlier to manage the database, but does not call the installer with sudo. However, I always run the application through alfresco.sh with root permissions in order to not worry about getting the correct ports whitelisted.
Your explanation makes sense and it seems like reasonable behavior. I am surprised it has been in the source for some time as I never saw this behavior before 4.2.d. When I get a chance, I will have to see if I can trace that history in more detail.
I just realized that I used the wrong term in the subject line earlier. I am using the Bitrock installer, not the Bitnami images.
Thank you again,
Richard
Reply all
Reply to author
Forward
0 new messages