#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! This is the place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page.

Allow non-root user "Install" support for Sametime 10.x server products on Linux / RHEL

Allow non-root user "Install" support for Sametime 10.x server products on Linux / RHEL. Needing root permissions is a potential security risk. Being able to deploy and run under a user with fewer permissions (and having tested and documented the procedures to do so) would make the server more secure from potential security hacks. It would also get us past having to have special permission to run under root. We understand that the product may have to run on ports higher than 1000 because of the limitations of the OS.

  • Guest
  • Nov 16 2018
  • Needs review
  • Guest commented
    2 Jan 06:58pm

    Hmmmm ... I could not disagree more!

    In theory you could install Domino and other products without root if you install it in a different directory.

    Yes, in general on Linux you need root permissions to install software that needs the sticky bit, like the bindsock application, which allows binding to restricted ports, as you say.

    But it is actually important to install and run software that cannot be modified by a normal user.

    So it is part of the security concept on Linux to only allow "root" to install software and have it installed in a way that a normal user cannot modify the code.

    On Windows this is more difficult than on Linux/Unix.

    What you can do is get your system administrator to allow certain operations to be delegated via sudo.

    Software installs on Linux need to have root access in one way or another!

    The runtime is always a non-root user. Even some operations like bindsock need restricted operations.

    On Docker the image is built to use the "notes" user in the container. But a Docker administrator can still log into the image with root permissions.

    There are rootless containers on Docker 20.10 (just released) and Podman. But it's too early to use them. But still the Docker container is always running with the "notes" user.

    [ Daniel Nashed / HCL Lifetime Ambassador ]
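An added example, not part of the thread and not HCL code: a POSIX shell check for the property described in the comment above, that a tree installed by root cannot be modified by the runtime account (the thread names "notes"), with setuid/setgid helpers such as bindsock listed for review. The function name, the report labels and the install path in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit an install tree against a runtime account.
# Usage (placeholder path): audit_install_tree /path/to/install notes
#
# Prints one finding per line as "<label><TAB><path>".
# Returns 1 if the runtime account could modify anything in the tree,
# 0 otherwise. Setuid/setgid files are listed for review only and do
# not change the exit status.
audit_install_tree() {
    ait_dir=$1
    ait_user=$2   # user name or numeric uid of the runtime account

    ait_report=$(
        # Anything the runtime account owns, it can rewrite or chmod.
        find "$ait_dir" -user "$ait_user" \
            -exec printf 'owned-by-runtime\t%s\n' {} \;

        # World-writable files and directories (symlink modes are ignored
        # by the kernel, so symlinks are skipped).
        find "$ait_dir" ! -type l -perm -0002 \
            -exec printf 'world-writable\t%s\n' {} \;

        # Group-writable entries whose group the runtime account belongs to.
        # If the account is unknown to the system, id fails and this
        # check is skipped.
        for ait_gid in $(id -G "$ait_user" 2>/dev/null); do
            find "$ait_dir" ! -type l -group "$ait_gid" -perm -0020 \
                -exec printf 'group-writable\t%s\n' {} \;
        done

        # Privileged helpers: these run with the file owner's or group's
        # rights, so they must never be modifiable by the runtime account.
        find "$ait_dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'setuid-or-setgid\t%s\n' {} \;
    )

    if [ -n "$ait_report" ]; then
        printf '%s\n' "$ait_report"
    fi

    # Fail only on findings that let the runtime account change the tree.
    if printf '%s\n' "$ait_report" |
        grep -Eq '^(owned-by-runtime|world-writable|group-writable)'; then
        return 1
    fi
    return 0
}
```

A non-zero exit on a production tree means the runtime account can change what it executes; every path reported as setuid-or-setgid should also be absent from the other three categories.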

  • Guest commented
    25 Mar, 2019 12:07am

    What about the WebSphere Sametime products such as ST Proxy, ST Advanced, and ST Gateway?

  • Admin
    Thomas Hampel commented
    23 Mar, 2019 10:13am

    Domino provides Docker support; we are working on adding Sametime in Docker to the GitHub repo https://www.github.com/IBM/domino-docker

  • Guest commented
    22 Mar, 2019 03:08pm

    Is it supported with a Docker container? Or is it planned to be in the future?

  • Admin
    Thomas Hampel commented
    1 Dec, 2018 12:48am

    Would a Docker container help?