Why we are not suggested to run couchbase as a non-root in a production environment


#1

Hi,

When I read the documentation from http://docs.couchbase.com/admin/admin/Install/rhel-non-root-sudo.html. It suggests “don’t run couchbase as non-root”. I understand non-root may have some security problem, but is there any other special reason for that?

I noticed that in the start process, couchbase will be run as “couchbase” users and change some kernel parameters, besides that is there any special reason why we can’t run it as non-root one? Like say, if we run non-root, we will get a broken couchbase, or couchbase with worse performance?

Thank you


#2

Hi Popacai,

Thank you for your feedback. Running as non-root is only suggested for development environments.

Here are a few reasons why you have to run couchbase as root -

  1. With package manager and information in privileged directory , it can automatically identify it is a fresh install or an upgrade. Without root/sudo access, we lose this context.

  2. Access to network interface ( open socket ) in order to be able to listen to connections

  3. Access to the data folder. The default is accessible only by root or couchbase user

  4. Access to logging folder. The default is accessible only by root or couchbase user.

Hope this helps!

Regards,
Don Pinto
Couchbase Server Product Management