[SOLVED] Mattermost executed as root? Is this secure?

Hi everyone,
I have installed Mattermost following this instructions http://docs.mattermost.com/install/prod-rhel-6.html

The thing is, when using the upstart job in those instructions, when Mattermost is started, it’s running with the user ‘root’.

sudo touch /etc/init/mattermost.conf
sudo vi /etc/init/mattermost.conf

Copy the following lines into /etc/init/mattermost.conf

start on runlevel [2345]
stop on runlevel [016]
chdir /opt/mattermost
exec bin/platform

You can manage the process by typing:
sudo start mattermost

Is this an expected behaviour?
How do I change the upstart job to run as the user I’ve created for this purpose? I think it’s more secure that way.

Thank you all in advence for your help.

I found out how to make Mattermost be run as an unprivileged user via upstart in CentOS/RedHat 6.

This is the upstart config that worked for me (unprivileged user mmost):

start on runlevel [2345] stop on runlevel [016] respawn chdir /opt/mattermost exec sudo -u mmost bin/platform

Notice the difference in the last line from the original, found in the documentation for Production Install.

PS: how can I make this finding to be included in the previously mentioned document?


Thanks, this works, but how does one implement this under systemd? I’m running mattermost in a Linux Container on a Debian 8 host, so the only option I have at the moment is running the service as root.

Of course this works, but I suppose the reason mattermost should run under it’s own username is for better security. It that correct?

The primary reason I want this, is so that I can run mattermost on port 443 rather than on port 8065. Is there any reason why the service is not running on the default https port?

Hi lifeboy,
you’re right. Running mattermost as a non-root user is a security
I found this https://bbs.archlinux.org/viewtopic.php?id=162297 that may
help you creating your systemd service configuration.

I’ll try later to install on CentOS 7.2 and I’ll get back to you.

Best regards,