Merge pull request #2297 from aws-observability/root-user-linux

[aoc-collector non-root user]: Removing code that changes user
aws-observability · Sep 5, 2023 · ddc5d47 · ddc5d47
2 parents 787da80 + 5149a53
commit ddc5d47
Show file tree

Hide file tree

Showing 7 changed files with 4 additions and 337 deletions.
diff --git a/cmd/awscollector/main_others.go b/cmd/awscollector/main_others.go
@@ -24,22 +24,9 @@ import (
 	"log"
 
 	"go.opentelemetry.io/collector/otelcol"
-
-	"github.com/aws-observability/aws-otel-collector/pkg/extraconfig"
-	"github.com/aws-observability/aws-otel-collector/pkg/userutils"
 )
 
 func run(params otelcol.CollectorSettings, flagSet *flag.FlagSet) error {
-	// Try to switch user when the collector is running on a host.
-	// For container the user and group is determined by the deployed manifest.
-	if !extraconfig.IsRunningInContainer() {
-		// avoid running as 'root' user on Linux
-		_, err := userutils.ChangeUser()
-		if err != nil {
-			log.Printf("E! Failed to ChangeUser: %v ", err)
-			return err
-		}
-	}
 	return runInteractive(params, flagSet)
 }
 

diff --git a/pkg/userutils/set_uid_gid.go b/pkg/userutils/set_uid_gid.go
diff --git a/pkg/userutils/userutil_darwin.go b/pkg/userutils/userutil_darwin.go
diff --git a/pkg/userutils/userutil_linux.go b/pkg/userutils/userutil_linux.go
diff --git a/pkg/userutils/userutil_test.go b/pkg/userutils/userutil_test.go
diff --git a/tools/packaging/linux/aws-otel-collector.conf b/tools/packaging/linux/aws-otel-collector.conf
@@ -18,7 +18,8 @@ start on (runlevel [345] and started network)
 stop on (runlevel [!345] or stopping network)
 
 normal exit 0
-
+setuid aoc
+setgid aoc
 respawn
 
 script

diff --git a/tools/packaging/linux/aws-otel-collector.service b/tools/packaging/linux/aws-otel-collector.service
@@ -28,6 +28,8 @@ ExecStart=/opt/aws/aws-otel-collector/bin/aws-otel-collector $config
 KillMode=process
 Restart=on-failure
 RestartSec=60s
+User=aoc
+Group=aoc
 
 [Install]
 WantedBy=multi-user.target