Adobe Experience Manager Sites & More

AEM_user25 · 1/11/24

I'm trying to swap the default service account for AEM Quickstart on Linux RHEL (AEM 6.5.16). I'm concerned about using the ec2-user account in production and want to set up a dedicated service account with appropriate permissions. Has anyone done this before? What configuration changes did you make?

TL;DR Instead of running Quickstart.jar as ec2-user, I want to run it as a different user with minimal permissions required.

pulkitvashisth · 1/11/24

Here are steps you can follow to set up a dedicated service account for AEM Quickstart on Linux RHEL. Here are the steps:

Create a new user: You can create a new user who will have access to the service. For example, if you want to create a user named aem, you can do so using the following commands:
```
sudo adduser aem
sudo usermod -aG wheel aem
```
This will create a new user aem and add it to the wheel group, which has sudo privileges.
Test the new user: You can test the new user with the following commands:
```
su - aem
sudo ls -la /root
```
This will switch to the aem user and attempt to list the contents of the /root directory, which is only accessible by root.
Set up AEM as a service: You can set up AEM as a service following the instructions provided in the Adobe Experience Manager documentation. Make sure to replace any instance of ec2-user with aem.
Run Quickstart.jar as the new user: You can run the Quickstart.jar file as the new user using the sudo command:
```
sudo -u aem java -jar Quickstart.jar
```
This will run the Quickstart.jar file as the aem user.
Set permissions: Ensure that the new user has the necessary permissions to access and execute the jar file. You can set the permissions using the chmod command:
```
sudo chmod u+rwx /path/to/Quickstart.jar
```
Manage User Permissions in AEM: Adobe Experience Manager is designed to cater for content authoring of multiple sites by multiple content authors. This process needs to be governed by strict Access Control Lists (ACLs) to manage who is allowed to do what at any given time.

Let me know if this works for you.

View solution in original post

EstebanBustamante · 1/11/24

Hi,

I think these articles may help:
https://github.com/ksurendra/aem-as-a-service

https://chintalapudi4.medium.com/installing-aem-as-a-service-linux-centos-7-x-7d879259747d

Esteban Bustamante

pulkitvashisth · 1/11/24

Here are steps you can follow to set up a dedicated service account for AEM Quickstart on Linux RHEL. Here are the steps:

Create a new user: You can create a new user who will have access to the service. For example, if you want to create a user named aem, you can do so using the following commands:
```
sudo adduser aem
sudo usermod -aG wheel aem
```
This will create a new user aem and add it to the wheel group, which has sudo privileges.
Test the new user: You can test the new user with the following commands:
```
su - aem
sudo ls -la /root
```
This will switch to the aem user and attempt to list the contents of the /root directory, which is only accessible by root.
Set up AEM as a service: You can set up AEM as a service following the instructions provided in the Adobe Experience Manager documentation. Make sure to replace any instance of ec2-user with aem.
Run Quickstart.jar as the new user: You can run the Quickstart.jar file as the new user using the sudo command:
```
sudo -u aem java -jar Quickstart.jar
```
This will run the Quickstart.jar file as the aem user.
Set permissions: Ensure that the new user has the necessary permissions to access and execute the jar file. You can set the permissions using the chmod command:
```
sudo chmod u+rwx /path/to/Quickstart.jar
```
Manage User Permissions in AEM: Adobe Experience Manager is designed to cater for content authoring of multiple sites by multiple content authors. This process needs to be governed by strict Access Control Lists (ACLs) to manage who is allowed to do what at any given time.