Greengrass v2 running as non root user

Question

Hi,  
  
I'm trying to run the Greengrass V2 core on the device as non root user. I installed the GGC without any problems. I want the Greengrass to be ran from ggc_user. I have /home/ggc_user/greengrass folder. I changed the service to use:  
ExecStart=/bin/sh /home/ggc_user/greengrass/alts/current/distro/bin/loader  
User=ggc_user  
Group=ggc_group  
This is all working but I'm getting some strange errors:  
2021-01-28T09:32:44.160Z \[ERROR] (pool-2-thread-15) aws.greengrass.Nucleus: shell-runner-error. Error while running process. {scriptName=services.aws.greengrass.Nucleus.lifecycle.bootstrap.script, serviceName=aws.greengrass.Nucleus, currentState=FINISHED, command=\["\nset -eu\nKERNEL_ROOT=\u0022/home/ggc_user/greengrass\u0022\nUNPACK_DIR=\u0022/home/ggc_user/gr..."]}  
java.io.IOException: Cannot run program "sudo" (in directory "/home/ggc_user/greengrass/work/aws.greengrass.Nucleus"): error=2, No such file or directory  
	at java.lang.ProcessBuilder.start(Unknown Source)  
	at java.lang.Runtime.exec(Unknown Source)  
	at com.aws.greengrass.util.Exec.exec(Exec.java:422)  
	at com.aws.greengrass.util.Exec.background(Exec.java:469)  
	at com.aws.greengrass.lifecyclemanager.ShellRunner$Default.successful(ShellRunner.java:102)  
	at com.aws.greengrass.lifecyclemanager.GenericExternalService.run(GenericExternalService.java:539)  
	at com.aws.greengrass.lifecyclemanager.GenericExternalService.run(GenericExternalService.java:557)  
	at com.aws.greengrass.lifecyclemanager.GenericExternalService.run(GenericExternalService.java:485)  
	at com.aws.greengrass.lifecyclemanager.GenericExternalService.bootstrap(GenericExternalService.java:175)  
	at com.aws.greengrass.deployment.bootstrap.BootstrapManager.executeOneBootstrapTask(BootstrapManager.java:399)  
	at com.aws.greengrass.deployment.bootstrap.BootstrapManager.executeAllBootstrapTasksSequentially(BootstrapManager.java:425)  
	at com.aws.greengrass.deployment.activator.KernelUpdateActivator.activate(KernelUpdateActivator.java:84)  
	at com.aws.greengrass.deployment.DeploymentConfigMerger.updateActionForDeployment(DeploymentConfigMerger.java:128)  
	at com.aws.greengrass.deployment.DeploymentConfigMerger.lambda$mergeInNewConfig$0(DeploymentConfigMerger.java:91)  
	at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.runUpdateActions(UpdateSystemPolicyService.java:94)  
	at com.aws.greengrass.lifecyclemanager.UpdateSystemPolicyService.lambda$startup$0(UpdateSystemPolicyService.java:164)  
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)  
	at java.util.concurrent.FutureTask.run(Unknown Source)  
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)  
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)  
	at java.lang.Thread.run(Unknown Source)  
Caused by: java.io.IOException: error=2, No such file or directory  
	at java.lang.UNIXProcess.forkAndExec(Native Method)  
	at java.lang.UNIXProcess.(Unknown Source)  
	at java.lang.ProcessImpl.start(Unknown Source)  
	... 21 more  
  
On my system I do not have sudo command (I won't be able to add it). Why greengrass wants to use it?

Answer

Hi,  
Greengrass requires the sudo program in order to run commands as different users because you can choose to run components as any arbitrary user. Components can also have RequiresPrivilege=true which means that the command needs to run as root to install something for example. One example of this is the Greengrass Nucleus update. It requires root so that it can adjust symlinks which will be owned by the user which is executing Greengrass which is typically root.  
  
See https://docs.aws.amazon.com/greengrass/v2/developerguide/setting-up.html#greengrass-v2-requirements for a list of system requirements, including sudo.  
  
Cheers,  
Michael Dombrowski

Greengrass v2 running as non root user

Relevant content