Version
Cb Response 5.1.1 and above
Topic
This solution has been created to answer some common questions around "Using CBCLUSTER as a Non-Root User".
Q/A
Question 1
What version(s) of Cb Response is this feature supported in?
Answer
As of Carbon Black version 5.1.1, it is possible to define a non-root user as the remote user for minion communication and execution. Previously, when adding a minion node to a cluster, the cbcluster utility required availability of root user on the minion node.
Question 2
Where can I locate the instructions on how to use this functionality?
Answer
These steps appear in 'Carbon Black Enterprise Response User Guide 5.1.1', Appendix L, titled "Using CBCLUSTER as a Non-Root User"
Question 3
If the password associated with the username configured to utilize NOPASSWD is going to change, will this affect minion functionality?
Answer
This is the NON-Root account that is setup for cluster management. In the sudoers file, all commands are setup with NOPASSWORD. Since we use SSH authorized keys and NOPASSWORD in the sudoers, the account password can be changed without any interruption of service.