Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Needs Review
Workspace Sametime
Categories Chat
Created by Guest
Created on Nov 16, 2018

Allow non-root user "Install" support for Sametime 10.x server products on Linux / RHEL

Allow non-root user "Install" support for Sametime 10.x server products on Linux / RHEL.   Needing root permissions is a potential security risk.  Being able to deploy and run under a user with fewer permissions  (and having tested and documented the procedures to do so) would make the server more secure from potential security hacks.  And would get us past having to have special permission to run under root.  We understand that the product may have to run on ports higher than 1000 because of the limitations of the OS.

  • Attach files
  • Guest
    Reply
    |
    Jan 2, 2021

    Hmmmm ... I could not disagree more!

    In theory you could install Domino and other products without root if you install it in a different directory.

    Yes in general on Linux you need root permissions to install software that needs the sticky bit like the bindsock application, which allows to bind to resticted ports as you say.

    But it is actually important to install and run software that cannot be modified by a normal user.

    So it is part of the security concept on Linux to only allow "root" to install software and have it installed in a way that a normal user cannot modify the code.

    On Windows this is more difficult than on Linux/Unix.

    What you can do is to get your system adminstator to allow certain operations to delegate via sudo.

    Software installs on Linux needs to have root access in one or another way!

    The runtime is always a non root user. Even some operations like bindsock need resticted operations.

    On Docker the image is built to use the "notes" user in the container. But a Docker administrator can still log into the image with root permissions.

    There are rootless containers on Docker 20.10 (just released) and Podman. But it's to early to use it. But still the Docker container is always running with the "notes" user.

    [ Daniel Nashed / HCL Lifetime Ambassador ]

  • Guest
    Reply
    |
    Mar 25, 2019

    What about the Websphere Sametime products such as ST Proxy, ST Advanced, and ST Gateway?

  • Admin
    Thomas Hampel
    Reply
    |
    Mar 23, 2019

    Domino provides Docker support, we are working on adding Sametime in Docker to the github repo https://www.github.com/IBM/domino-docker 

  • Guest
    Reply
    |
    Mar 22, 2019

    Is it supported with a Docker container?  Or is it planned to be in the future?

  • Admin
    Thomas Hampel
    Reply
    |
    Dec 1, 2018

    Would a Docker container help?