Administering GreenArrow Without root Access

• Table of Contents
• Overview
• Upgrades
• Managing & Administering the Software
  • Editing Configuration Files
  • Running Commands
  • Accessing Logfiles
  • Postgres pgpass
• Troubleshooting

Overview

GreenArrow must be installed using the root user account. After installation, most management and administration of the software can be performed using sudo.

Upgrades

Upgrading GreenArrow requires upgrading operating system packages.

The upgrade must either be done as root or using sudo as a user who has permission to run all upgrade procedure commands.

Managing & Administering the Software

Management and administration of the software can be done by changing file permission and giving sudo access to specific commands.

Editing Configuration Files

You can modify the file permissions in /var/hvmail/control/ so that they can be edited from your non-root user account.

You could also make all of these files owned by a group that your non-root user belongs to, make these files owned by that group, and grant read/write permission to “group” on those files.

Filesystem permission updates will need to be re-run after every GreenArrow package update because package updates reset the permissions.

You could also provide sudo access to create, overwrite, and delete files in this directory.

Running Commands

You will need to allow many commands to be run as root using sudo.

Here is a list. As far as we know it is complete. As you administer the software you may discover more commands in the documentation that need to be added to this list.

/var/hvmail/bin/greenarrow
/var/hvmail/bin/greenarrow_blockers
/var/hvmail/bin/greenarrow_config
/var/hvmail/bin/greenarrow_convert_powermta_configuration
/var/hvmail/bin/greenarrow_status
/var/hvmail/bin/hvmail_check_config
/var/hvmail/bin/hvmail_check_events_table
/var/hvmail/bin/hvmail_db_test
/var/hvmail/bin/hvmail_event_processor
/var/hvmail/bin/hvmail_hw_specs
/var/hvmail/bin/hvmail_init
/var/hvmail/bin/hvmail_postgres_manager
/var/hvmail/bin/hvmail_report
/var/hvmail/bin/hvmail_set
/var/hvmail/bin/hvmail_speed_test
/var/hvmail/bin/hvmail_status
/var/hvmail/bin/hvmail_unmanaged_backup
/var/hvmail/bin/hvmail_update_httpd_config
/var/hvmail/bin/hvmail_update_tcprules
/var/hvmail/djb/bin/svc
/var/hvmail/djb/bin/svstat

Accessing Logfiles

Logfiles in /var/hvmail/log/ need to be read.

If you need to limit to specifc commands to accessing files in this directory, here is a sample list of commands:

ls /var/hvmail/log
ls /var/hvmail/log/*
ls /var/hvmail/log/*/*
cat /var/hvmail/log/*
cat /var/hvmail/log/*/*
tail -F /var/hvmail/log/*/current
tail /var/hvmail/log/*/current

Files inside of /var/hvmail/log are automatically created and rotated, so their permissions will get reset as they are rotated. Therefor updating permissions to allow access is not recommended.

Postgres pgpass

We recommend copying /root/.pgpass to the home directory of the non-root UNIX user that you will use to administer GreenArrow. This allows you to be automatically logged in without a password prompt when running psql.

Troubleshooting

If you are giving GreenArrow access to troubleshoot your install using sudo, then you must also install the following utilities, and give GreenArrow sudo access to them:

lsof
strace