Setting up NodeBB with Mongo on Fedora 28



  • I wrote this the other day after setting up a new instance


  • Global Moderator

    One criticismi have is that I hate the /opt folder. I prefer making a new user with home directory and installing nodebb there.

    Edit: also it doesn't require root that way



  • @PitaJ But /opt should be the right folder. Creating a new user will need root as well. I usually create a new system user (without home directory) and assign it to the software it needs to run in /opt.

    Thus for example install it in /opt/nodebb. Create a new system user, on Debian based systems that would be:

    sudo adduser \
        --system \
        --no-create-home \
        --group \
        nodebb
    

    And then assign the folder to this new user: sudo chown nodebb:nodebb -R /opt/nodebb.

    Also would be nice to setup a SystemD-Service, which would execute /opt/nodebb/nodebb start|stop as the newly created nodebb user.

    Or just go with docker from the start. πŸ™‚



  • @PitaJ said in Setting up NodeBB with Mongo on Fedora 28:

    One criticismi have is that I hate the /opt folder. I prefer making a new user with home directory and installing nodebb there.

    I use /opt out of habit over years of things being that way. As you say, it can be anywhere.

    Edit: also it doesn't require root that way

    If you don’t use root, and make another account just for nodebb, the. You will prefixing everything with sudo -u someaccount or switching user for setup and everything anyway.

    If the risk of something somehow exploiting nodebb to gain console access were higher, I would care more about not running as root.

    Though if that was the case I would likely not be willing to use NodeBB in the first place.



  • @Dravere said in Setting up NodeBB with Mongo on Fedora 28:

    Also would be nice to setup a SystemD-Service, which would execute /opt/nodebb/nodebb start|stop as the newly created nodebb user.

    I really need to do this to be more lazy πŸ˜‰

    Or just go with docker from the start. πŸ™‚

    I’m not a docker fan, but it is a very good solution for the general person that just wants to run a forum.


  • Global Moderator

    @Dravere I don't see how your method is functionally any different from just using the user's home directory


  • Global Moderator

    @JaredBusch you don't need to prefix everything with it, you can just su -u nodebb (I think that's right) or just ssh in with that user in the first place.

    You should always run an application with the bare minimum privileges it needs to function. NodeBB doesn't need root privileges. PLEASE DO NOT RUN NODEBB AS ROOT.

    As with any software, we can't guarantee that NodeBB is completely free of security bugs. Giving it root is throwing away a layer of security you'd essentially get for free.



  • @PitaJ said in Setting up NodeBB with Mongo on Fedora 28:

    @Dravere I don't see how your method is functionally any different from just using the user's home directory

    Functionality wise there is no difference, but it is more standard conforming as far as I'm aware. Also in theory it might be a bit more secure as I'm creating a system user that by default can't login to the machine. If you're creating a regular user you'll have to disable his login rights separately.


  • Admin

    FWIW I use /opt as well for third-party apps. NodeBB, I install in my home directory, but again, it is mostly down to preference.

    If you install in /opt, you could always change the ownership of /opt/nodebb to something like nobody:nobody, and ensure it's run unprivileged...


 

Suggested Topics

| |