Running Eth Docker on a service account
Using a "service account"
You may want to run Eth Docker on one user, and then have other users be able to administer it. For this
example, the user that installs Eth Docker will be node, the two admin users will be alice and bob,
and all three belong to the node-admins group.
alice and bob can sudo, so they can "become" node when running ethd
As alice, create the node user and node-admins group
sudo adduser nodesudo addgroup node-adminssudo adduser node node-adminssudo adduser alice node-adminssudo adduser bob node-admins
Keep node from logging in via ssh
sudo nano /etc/ssh/ssh_config.d/99-disable-node-login.conf
DenyUsers node
- Save and close
sudo systemctl restart ssh
Become node and download Eth Docker, and set permissions
sudo su - nodecd ~ && git clone https://github.com/ethstaker/eth-docker.gitchown node:node-admins .chown -R node:node-admins ./eth-dockerfind ./eth-docker -type d -exec chmod g+s {} +git config --global --add safe.directory ${HOME}/eth-dockerexit
As alice again, install prerequisites and configure Eth Docker
/home/node/eth-docker/ethd install- Consider saying "yes" to being able to call
ethdfrom anywhere source ~/.profileethd config- OR if you opted out of calling
ethdfrom anywhere /home/node/eth-docker/ethd config
Optinally, make bob part of the docker group
sudo adduser bob docker
If you opted in to being able to call ethd from anywhere, tell bob to add this to their ~/.profile
alias ethd=/home/node/eth-docker/ethd
cat /home/node/eth-docker/.motd
The node user now owns Eth Docker, but cannot run docker commands itself. If you want someone to be able
to become node and run docker commands, add node to the docker group as well: sudo adduser node docker