3

While installing AWS IoT Greengrass for Raspberry Pi, there is a need to create ggc_user & ggc_group as mentioned in Greengrass developer guide step 9:

sudo adduser --system ggc_user

sudo addgroup --system ggc_group

Q1) Is it possible to use another user & group or customize?

Q2) What other configurations will be required to change in raspberry pi setup or greengrass setup or AWS Console then to make greengrass work on pi?

EDITED QUESTION: if rename ggc_user name to XYZ_user, why do greengrass-sdk stop working? Do i need to use this new username on any other files or setup/config of greengrass?

Community
  • 1
JPI
  • 239
  • 1
  • 3
  • 7
  • Why don't you want to create a specific user/group? – hardillb Dec 20 '18 at 18:10
  • 1
    @hardillb it is part of instructions which is out of my reach to alter. i am actually trying to make solution which will run from windows host and will automatically (and somewhat blindly) setup "targeted solution" to new raspberry pi clients. and i believe the ggc_user is required to customize as part of this desired solution's security aspect. – JPI Dec 21 '18 at 07:39
  • 1
    That doesn't really explain why you want to change the user/group. Edit the question to include why you want to change it and what benefit you think it will give you. – hardillb Dec 21 '18 at 08:45
  • @hardillb As i mentioned earlier, it is kind of security aspect requirement. Mainly there is no out-of-box setting allowed and therefore i want to use custom username/group instead of fixed ggc_user. i hope that clarifies the purpose. Thanks – JPI Dec 21 '18 at 17:52
  • As I said EDIT the question, and changing the name of the group/user makes no difference to the security as the user won't be able to logon to the machine no matter what you name it – hardillb Dec 21 '18 at 20:06
  • @hardillb I edited question 2 for better understanding of scope of config/settings change in application level or os level or greengrass-sdk level. I am expecting answer on Q2 from this platform if Q1 answer is YES. If it is hard-coded rule by AWS and cannot be allowed to change then Q2 is not required. Thanks – JPI Dec 22 '18 at 13:02
  • You've still not explained the problem you are actually trying to solve by change the name. As I said changing the name will have no impact on security and will most likely just break things that expect the user/group to have that name – hardillb Dec 22 '18 at 13:40
  • The edit still doesn't answer the WHY you want to do this, as I have already said, changing things for the sake of changing things does not automatically make it more secure. The username is listed as a prerequisite Greengrass Code code and as such it is safe to assume that the username hardcoded into the core daemon code and can not be changed. – hardillb Dec 24 '18 at 21:36
  • @hardilib thanks for reply. as i had mentioned earlier, i am unable to disclose everything on public platform as part of my NDA. meanwhile, lets assume that i changed the username, what other places i will have to change this name? or is it impossible due to hardcoded or closed code of AWS? – JPI Dec 25 '18 at 07:30

0 Answers0