What are "sufficient access rights to run the Nexus service" (as nexus user on Linux)

Question

What are "sufficient access rights to run the Nexus service" (as nexus user on Linux)

Nexus3 Documentation https://books.sonatype.com/nexus-book/reference3/install.html#configure-service say

Then create a nexus user with sufficient access rights to run the service.

I understand that logs should be writable, and scripts executable, but as while installing, possibly for the first time, how can user know?

But documentation does not guide about this.

Having recommended nexus and sonatype-work folders.

lrwxrwxrwx. 1 root root 25 Jun 5 16:46 nexus -> /opt/nexus/nexus-3.3.0-01 drwxr-xr-x. 9 root root 4096 May 11 08:26 nexus-3.3.0-01 -rw-r--r--. 1 root root 107331345 Apr 20 08:52 nexus-3.3.0-01-unix.tar.gz drwxr-xr-x. 3 root root 4096 Apr 20 08:53 sonatype-work

Maybe that should be one command to add all permission for folder in nexus and sonatype-work folders?

IMPORTANT Be sure to assign the appropriate permissions to the user running the nexus service.

Answer 1

@Brennan Mann thank you for your answer. It's awesome. You just forgot to mention that it is needed to set a password for user "nexus".

Use the passwd command:

Usage: passwd [options] [LOGIN]

So if you want to set a password for the new user, you type in:

sudo passwd nexus 

and you're good.

Answer 2

EDIT file /bin/nexus and uncomment INSTALL4J_JAVA_HOME line variable with your java installation path INSTALL4J_JAVA_HOME="withjavahomepath" Edit file /bin/nexus.vmoptions and add your path directory of your sonartype-work

Official documentation

-Dkaraf.data=/opt/sonatype-work/nexus3
-Djava.io.tmpdir=/opt/sonatype-work/nexus3/tmp
-XX:LogFile=/opt/sonatype-work/nexus3/log/jvm.log
-Dkaraf.log=/opt/sonatype-work/nexus3/log

Answer 3

Nexus Service Account Setup for nexus-3.9.0-01 Linux

1. Create a service user

It is good practice to run the Nexus service or daemon as a specific user that has only the required access rights. The user should be named 'nexus' and it must be able to create a valid shell.

To add the user, run the following command:

sudo useradd nexus

Also, I've configured the user's home directory to be the install directory

sudo usermod -d /opt/nexus nexus

2. Configure the directory user and group owner

We need to grant the nexus user premission to the Nexus directories. We will be changing ownership from "root" to "nexus" for both the owner and group.

sudo chown nexus:nexus /opt/nexus -R

Run the "ls -l" to confirm the ownership change. The directories should like:

/opt/nexus$ ls -l
drwxr-xr-x 10 nexus nexus 4096 Mar  8 15:32 nexus-3.9.0-01
drwxr-xr-x  3 nexus nexus 4096 Mar  8 15:08 sonatype-work

3. Configure Nexus to run as your new service account

Now that we have created a new service account, we need to configure Nexus to run as our new "nexus" user. In the "/opt/nexus/nexus-3.9.0-01/bin" directory, please edit the "nexus.rc" file with nano or VI. The file should mirror the following:

run_as_user="nexus"

4. Validate the Install is working with the service account

To vaidate the that the install is working, start the Nexus service. To start the repository manager from application directory in the bin folder on a Unix-like platform like Linux use:

./nexus run

After starting the service for any Linux-based operating systems, verify that the service started successfully.

Startup is complete when the log shows the message "Started Sonatype Nexus".

tail -f /opt/sonatype-work/nexus3/log/nexus.log

Run the "top" command to cofirm that the service is running under the "nexus" user ( will require another terminal session)

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
29688 nexus     20   0 7401296 1.155g  25424 S   0.3  4.2   4:23.95 java

To stop the service in the "top" terminal window, type:

./nexus stop 

Next, you will need to configure the daemon to start up as a service using init.d or systemd. Please see the following link for the official Nexus documentation :

https://help.sonatype.com/display/NXRM3/Run+as+a+Service