Question
· Jun 2, 2018

How to grant start/stop/restore privilege to a user who is not root

Hi,

When I log on to Linux as a non-root user and then call ccontrol start/stop cache, it shows no permission.

How to grant start/stop/restore privilege to a user who is not root?

Thanks

Discussion (5)

This is true, and adding the user to the group to stop and start is the right approach.  However, I wanted to comment on making users members of the cacheusr group, as this has large security implications on most systems.

There are two groups used in a Cache install: one is the set of users allowed to start and stop the instance, the other is an internal tool for managing file access. 

By default, the internal group (the "Effective group for Caché processes") is cacheusr.  No real users should be a member of this group.  The documentation on this page says:  "On a secure system, no actual user should be a member of this group. By default, this group is cacheusr, but you can change the group during installation."  A user who is a member of the cacheusr group will generally be able to alter or delete Cache databases, config files, and binaries at the OS level.  This is a large ability, and one you may not want to hand to users for their standard logins, and instead reserve for cases where they specifically show they mean to do that.

During install, if you chose any setting other than 'minimal' for your initial security settings, you'll be prompted to pick the group to stop and start the instance. I would recommend picking a group other than cacheusr in order to keep these two functions separate. Then you can add the users who you want to be able to start and stop the instance to this different group. Note that changing this group manually, after install, is not recommended.
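
One way to check the point made in the comment above, that no real user should be a member of the effective group: a POSIX shell audit over getent-format data, added here as an example that is not part of the original thread or of InterSystems' tooling. The sample entries, the `cachemgr` start/stop group and the allowlisted `cacheusr` service account are constructed assumptions.

```shell
#!/bin/sh
# Added example: list accounts in the Caché effective group that should not be there.
# Databases are files in getent(1) format, so saved copies can be audited too.

# Print every account in group $1: supplementary members (group field 4)
# plus accounts whose primary GID (passwd field 4) is that group's GID.
group_members() {
    grp=$1; group_db=$2; passwd_db=$3
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$group_db")
    [ -n "$gid" ] || return 1   # group not defined in this database
    {
        awk -F: -v g="$grp" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_db"
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_db"
    } | sort -u
}

# Print members of group $1 that are not in the space-separated allowlist $4.
unexpected_members() {
    allowed=" $4 "
    group_members "$1" "$2" "$3" | while read -r user; do
        case "$allowed" in
            *" $user "*) ;;            # expected service account
            *) echo "$user" ;;         # real user holding file-level access
        esac
    done
}

# Constructed sample data; "cachemgr" is a hypothetical start/stop group.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/group" <<'EOF'
cacheusr:x:1001:alice
cachemgr:x:1002:bob,carol
EOF
cat > "$tmp/passwd" <<'EOF'
cacheusr:x:1001:1001::/home/cacheusr:/sbin/nologin
alice:x:1100:1100::/home/alice:/bin/bash
bob:x:1101:1101::/home/bob:/bin/bash
dave:x:1102:1001::/home/dave:/bin/bash
EOF

# Assumption: only the instance's own service account, here "cacheusr", is expected.
unexpected_members cacheusr "$tmp/group" "$tmp/passwd" "cacheusr"
```

On a live host, save the output of `getent group` and `getent passwd` to files and pass those paths instead of the sample files.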

When Caché was installed, a group was defined for users who may stop/start/restart it (most likely cacheusr). You'll need to make the non-root user a member of that group, unless you'd prefer to use sudo as previously mentioned.

$ sudo usermod <username> -G cacheusr -a

If the user is already logged in, he/she may need to run newgrp to select cacheusr as their primary group:

$ newgrp cacheusr