Introduction
This article explains how to configure Replicated and Terraform Enterprise (TFE) to run using a custom Linux user and group, instead of the default replicated user. This is often needed for customers with stricter user access policies or company-specific security requirements.
Important: These changes require TFE downtime. Perform them during a scheduled maintenance window.
Expected Outcome
Replicated and TFE run as a custom user instead of the default replicated user, as required.
Prerequisites
- Knowledge of Linux users and groups
- Knowledge of the Replicated setup
Procedure
Stop Terraform Enterprise (TFE)
Stop the application and all containers cleanly.
sudo systemctl stop replicated-ui
sudo systemctl stop replicated-operator
sudo systemctl stop replicated
Then stop all running Docker containers:
docker ps -q | xargs -r docker stop
Update Replicated Services to Use Custom User
Replicated systemd service files are located at: /etc/systemd/system/
The relevant files to edit are:
- replicated.service
- replicated-operator.service
- replicated-ui.service
sudo vi /etc/systemd/system/replicated.service
sudo vi /etc/systemd/system/replicated-operator.service
sudo vi /etc/systemd/system/replicated-ui.service
Locate or add the following lines under the [Service] section:
User=<custom_user>
Group=<custom_group>
Replace <custom_user> and <custom_group> with the desired user and group configured on the host (e.g., tfeuser or appsvc). Ensure the user/group already exists on the system.
Reload and Restart Services
Reload systemd to recognize the modified unit files:
sudo systemctl daemon-reload
Start the replicated services:
sudo systemctl start replicated
sudo systemctl start replicated-operator
sudo systemctl start replicated-ui
Start the TFE application:
replicatedctl app start
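The following check is an added example, not part of the original article or of HashiCorp tooling: it reads the three unit files edited in the procedure and confirms that the [Service] section of each sets the expected User= and Group=, and that the account exists on the host. The function names, the script name and the sample unit written by write_sample_unit are constructed for illustration; tfeuser is the example account name used above.

```shell
#!/bin/sh
# Added example (not from the article): verify User=/Group= in the Replicated units.

# Print the value of key $2 in the [Service] section of unit file $1.
# A later assignment overrides an earlier one; comment lines are skipped.
service_value() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_svc = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        !in_svc || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Succeed only if unit file $1 sets User=$2 and Group=$3.
check_unit() {
    u=$(service_value "$1" User); g=$(service_value "$1" Group)
    [ "$u" = "$2" ] && [ "$g" = "$3" ] && { echo "OK   $1"; return 0; }
    echo "FAIL $1: User=${u:-<unset>} Group=${g:-<unset>}, expected $2:$3"
    return 1
}

# Succeed only if user $1 and group $2 exist on this host.
account_exists() {
    getent passwd "$1" >/dev/null && getent group "$2" >/dev/null
}

# Check all three units for user $1, group $2 in directory $3.
check_all() {
    dir=${3:-/etc/systemd/system}; rc=0
    for unit in replicated replicated-operator replicated-ui; do
        check_unit "$dir/$unit.service" "$1" "$2" || rc=1
    done
    return "$rc"
}

# Constructed sample unit for trying the check offline; not a real Replicated unit.
write_sample_unit() {
    printf '[Unit]\nDescription=sample\n[Service]\nUser=%s\nGroup=%s\nExecStart=/bin/true\n' "$2" "$3" > "$1"
}

# With arguments, check the live host: sh check_units.sh tfeuser tfeuser (hypothetical name)
if [ "$#" -ge 2 ]; then
    account_exists "$1" "$2" || { echo "FAIL account $1:$2 not found"; exit 1; }
    check_all "$1" "$2"
fi
```

The check reads only the main unit files, so settings placed in systemd drop-in directories are not seen. After daemon-reload, systemctl show -p User -p Group replicated.service reports what systemd actually loaded.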
Additional Information
Custom users must have sufficient permissions to access the network, bind ports, and access mounted volumes. These steps may need to be repeated after upgrading TFE, depending on the upgrade strategy and Replicated updates.
If you run into any issues, please collect a support bundle and contact HashiCorp support.