Hm is therer a particular technical reason I would need to run fleetdm as root? I installed using the Ansible Playbook from FleetDMAutomation and found that although it created a user for fleet the service itself was still running as root

Hi Tilman! I believe so, the fleet server doesn't need to run as root. Which docs/scripts are you referring to?

Hi Lucas, I used this repo: https://github.com/CptOfEvilMinions/FleetDM-Automation

Ah, TIL about such community project. @Benjamin Edwards might know more.

I believe it was even referenced from the fleetdm doucmentation

Indeed, let's wait for Ben's feedback on this, he's an expert on the deployment side of Fleet.

I've seen it but I'm not very aware of the details. I don't see why you couldn't run fleet as a non root user. Especially inside of a container.

@CptOfEvilMinions maybe you have some thoughts? Or this could use an update?

Looking at the SystemD config, I can confirm that Fleet is running as root. Fleet should be running as the

fleetdm

user created by the Ansible playbook. I can submit a PR later this week or early next to fix this. https://github.com/CptOfEvilMinions/FleetDM-Automation/blob/main/conf/ansible/fleetdm/fleetdm-systemd.service

Awesome, thanks for the quick response!

@Tilman Bender I have updated my Github repo, specifically the SystemD config to run fleetdm as a non-root user. Systemd config: https://github.com/CptOfEvilMinions/FleetDM-Automation/blob/main/conf/ansible/fleetdm/fleetdm-systemd.service

Thank you! I'm updating the Fleet docs: https://github.com/fleetdm/fleet/pull/4702

@CptOfEvilMinions Thank you I had also tested that setting independently on Thursday. Seems to work fine.