SOLVED

Swapping the default service account for AEM Quickstart on Linux

I'm trying to swap the default service account for AEM Quickstart on Linux RHEL (AEM 6.5.16). I'm concerned about using the ec2-user account in production and want to set up a dedicated service account with appropriate permissions. Has anyone done this before? What configuration changes did you make? 

TL;DR Instead of running Quickstart.jar as ec2-user, I want to run it as a different user with minimal permissions required.

 


1 Accepted Solution

Correct answer by
Community Advisor

Here are steps you can follow to set up a dedicated service account for AEM Quickstart on Linux RHEL:

  1. Create a new user: You can create a new user who will have access to the service. For example, if you want to create a user named aem, you can do so using the following commands:

    sudo adduser aem
    sudo usermod -aG wheel aem

    This will create a new user aem and add it to the wheel group, which has sudo privileges.

  2. Test the new user: You can test the new user with the following commands:

    su - aem
    sudo ls -la /root

    This will switch to the aem user and attempt to list the contents of the /root directory, which is only accessible by root.

  3. Set up AEM as a service: You can set up AEM as a service following the instructions provided in the Adobe Experience Manager documentation. Make sure to replace any instance of ec2-user with aem.

  4. Run Quickstart.jar as the new user: You can run the Quickstart.jar file as the new user using the sudo command:

    sudo -u aem java -jar Quickstart.jar

    This will run the Quickstart.jar file as the aem user.

  5. Set permissions: Ensure that the new user has the necessary permissions to access and execute the jar file. You can set the permissions using the chmod command:

    sudo chmod u+rwx /path/to/Quickstart.jar

  6. Manage User Permissions in AEM: Adobe Experience Manager is designed to cater for content authoring of multiple sites by multiple content authors. This process needs to be governed by strict Access Control Lists (ACLs) to manage who is allowed to do what at any given time.

Let me know if this works for you.
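
Since the question asks for an account with minimal permissions and step 1 above puts the account in a sudo-enabled group, the following added example (not part of the original answer or of Adobe's documentation) audits an account for an interactive login shell and for membership in `wheel` or `sudo`. The account name `aemsvc`, the sample file contents and the function names are constructed for illustration; the check reads only passwd and group files, so sudoers rules that name the user directly are outside its scope.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Flags a service account that
# can log in interactively or reach root through a sudo-enabled group.

# audit_service_account USER [PASSWD_FILE] [GROUP_FILE]
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_service_account() {
    local user=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group}
    local entry shell gid g findings=0

    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    if [ -z "$entry" ]; then
        echo "MISSING: no passwd entry for $user"
        return 1
    fi
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # A daemon account needs no interactive login shell.
    case "$shell" in
        */nologin|*/false) ;;
        *) echo "LOGIN_SHELL: $user has shell $shell"; findings=1 ;;
    esac

    # wheel (RHEL) and sudo (Debian/Ubuntu) are the usual sudo-enabled groups;
    # check both supplementary membership and the primary GID.
    for g in wheel sudo; do
        if awk -F: -v g="$g" -v u="$user" -v gid="$gid" '
            $1 == g {
                if ($3 == gid) found = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] == u) found = 1
            }
            END { exit !found }' "$group"; then
            echo "SUDO_GROUP: $user is a member of $g"
            findings=1
        fi
    done
    return "$findings"
}

# Constructed sample data: "aem" as created in steps 1-2 of the answer, and a
# hypothetical locked-down account "aemsvc" for comparison.
make_sample_files() {
    printf '%s\n' 'aem:x:1001:1001::/home/aem:/bin/bash' \
                  'aemsvc:x:991:988::/opt/aem:/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'wheel:x:10:ec2-user,aem' 'aem:x:1001:' 'aemsvc:x:988:' > "$1/group"
}
```

On a real host, calling `audit_service_account aem` with no file arguments reads `/etc/passwd` and `/etc/group`.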

 
