Setting up NodeBB with Mongo on Fedora 28
-
I wrote this the other day after setting up a new instance
https://mangolassi.it/topic/18213/install-nodebb-1-10-2-on-fedora-28-with-mongo
-
One criticism I have is that I hate the /opt folder. I prefer making a new user with home directory and installing nodebb there.
Edit: also it doesn't require root that way
-
@PitaJ But /opt should be the right folder. Creating a new user will need root as well. I usually create a new system user (without home directory) and assign it to the software it needs to run in /opt.
Thus for example install it in /opt/nodebb. Create a new system user, on Debian based systems that would be:
sudo adduser \
  --system \
  --no-create-home \
  --group \
  nodebb
And then assign the folder to this new user:
sudo chown nodebb:nodebb -R /opt/nodebb
Also would be nice to setup a SystemD-Service, which would execute /opt/nodebb/nodebb start|stop as the newly created nodebb user.
Or just go with docker from the start.
-
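A systemd unit for the setup described in the post above, as an added example that is not part of the original thread or of NodeBB's own documentation: it runs /opt/nodebb/nodebb start|stop as the nodebb system user and adds sandboxing directives on top. The unit file name, the mongod.service dependency, the pidfile path and a system-wide node binary are assumptions.

```ini
# /etc/systemd/system/nodebb.service  (unit name and path are assumptions)
[Unit]
Description=NodeBB forum
# mongod.service is the assumed name of the MongoDB unit on this host
After=network.target mongod.service
Wants=mongod.service

[Service]
# "nodebb start" daemonizes, so systemd has to track the forked process
Type=forking
# Assumed: NodeBB writes its PID to "pidfile" in the install directory
PIDFile=/opt/nodebb/pidfile
# Run as the unprivileged system account from the post above, never as root
User=nodebb
Group=nodebb
WorkingDirectory=/opt/nodebb
ExecStart=/opt/nodebb/nodebb start
ExecStop=/opt/nodebb/nodebb stop
Restart=on-failure

# Sandboxing: limit what a compromised NodeBB process can reach
NoNewPrivileges=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
# NodeBB writes logs, uploads and build output under its own tree
ReadWritePaths=/opt/nodebb

[Install]
WantedBy=multi-user.target
```

After saving the file, systemctl daemon-reload followed by systemctl enable --now nodebb starts the forum under the nodebb account; root is only needed to install and manage the unit, not to run NodeBB itself.
-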
@PitaJ said in Setting up NodeBB with Mongo on Fedora 28:
One criticism I have is that I hate the /opt folder. I prefer making a new user with home directory and installing nodebb there.
I use /opt out of habit over years of things being that way. As you say, it can be anywhere.
Edit: also it doesn't require root that way
If you don't use root, and make another account just for nodebb, then you will be prefixing everything with sudo -u someaccount or switching user for setup and everything anyway.
If the risk of something somehow exploiting nodebb to gain console access were higher, I would care more about not running as root.
Though if that was the case I would likely not be willing to use NodeBB in the first place.
-
@Dravere said in Setting up NodeBB with Mongo on Fedora 28:
Also would be nice to setup a SystemD-Service, which would execute /opt/nodebb/nodebb start|stop as the newly created nodebb user.
I really need to do this to be more lazy
Or just go with docker from the start.
I'm not a docker fan, but it is a very good solution for the general person that just wants to run a forum.
-
@Dravere I don't see how your method is functionally any different from just using the user's home directory
-
@JaredBusch you don't need to prefix everything with it, you can just su -u nodebb (I think that's right) or just ssh in with that user in the first place.
You should always run an application with the bare minimum privileges it needs to function. NodeBB doesn't need root privileges. PLEASE DO NOT RUN NODEBB AS ROOT.
As with any software, we can't guarantee that NodeBB is completely free of security bugs. Giving it root is throwing away a layer of security you'd essentially get for free.
-
@PitaJ said in Setting up NodeBB with Mongo on Fedora 28:
@Dravere I don't see how your method is functionally any different from just using the user's home directory
Functionality wise there is no difference, but it is more standard conforming as far as I'm aware. Also in theory it might be a bit more secure as I'm creating a system user that by default can't login to the machine. If you're creating a regular user you'll have to disable his login rights separately.
-
FWIW I use /opt as well for third-party apps. NodeBB, I install in my home directory, but again, it is mostly down to preference.
If you install in /opt, you could always change the ownership of /opt/nodebb to something like nobody:nobody, and ensure it's run unprivileged...
-
@JaredBusch Thanks. Really appreciate it