Linux user to use for each virtual env? (e.g. adding AppDaemon)

What’s the best practice for which Linux user each virtualenv is set up under?

Background:

  • I’m using Python 3 with Raspbian on a Pi 3
  • Have Home Assistant in one virtualenv PLUS a second virtualenv for Python scripts to read in currentcost data and publish to MQTT
  • In terms of users I have
    • pi
    • homeassistant (for virtualenv & running HA)
    • currentcost (for its virtualenv and running it)

So if I’m about to add AppDaemon, and will create another virtualenv for it, I’m wondering whether I need to create another Linux user for it, or just use, say, the “homeassistant” user?

It’s a bit of a nuisance and confusing swapping between virtual environments (although I’ll try virtualenvwrapper), but then also to be swapping users too.

The reason for creating another user would be increased security. You may wish to give the HA program rights that AD does not have.

For instance, I have seen a number of people add access to the reboot command to the homeassistant user so they can reboot from the front end. If you then run appdaemon under the same user as HA, it will also have access to the reboot command, so a bug in AD that allowed access to your system would allow the hacker to reboot your system.

The standard permissions of the homeassistant user don’t give access to critical functions, so unless you change them it’s fine to run AD as the homeassistant user.

Obviously, if you don’t have access from the internet to HA or AD, it doesn’t really matter.
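The separation described in the reply above, as an added example that is not part of the original thread: a dedicated account for AppDaemon, plus a check of which accounts a sudoers drop-in actually grants commands to. The `appdaemon` account name, the `/srv/appdaemon` path and the sample sudoers lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The "appdaemon" account, /srv/appdaemon
# and the sudoers lines below are constructed assumptions.

# Run as root on the Pi: a no-login system account with its own virtualenv.
# Defined here but not called, because it changes the system.
setup_appdaemon_user() {
    useradd --system --create-home --shell /usr/sbin/nologin appdaemon
    install -d -o appdaemon -g appdaemon /srv/appdaemon
    sudo -u appdaemon -H python3 -m venv /srv/appdaemon
}

# Constructed sample: homeassistant may reboot, pi has full sudo.
sample_sudoers() {
    printf '%s\n' \
        '# /etc/sudoers.d/homeassistant (constructed sample)' \
        'homeassistant ALL=(root) NOPASSWD: /sbin/reboot' \
        'pi ALL=(ALL) NOPASSWD: ALL'
}

# Print the commands that a sudoers fragment on stdin grants to user $1.
# Handles only simple "user host=(runas) TAG: cmd, cmd" lines, not aliases
# or %group entries. On a live system, `sudo -l -U <user>` gives the
# authoritative answer.
grants_for() {
    awk -v u="$1" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == u {
            sub(/^[^=]*=[ \t]*(\([^)]*\)[ \t]*)?/, "")   # drop "user host=(runas)"
            sub(/^([A-Z]+:[ \t]*)+/, "")                 # drop tags such as NOPASSWD:
            n = split($0, cmds, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) print cmds[i]
        }'
}

# Report per service account: appdaemon should come back with no grants.
for acct in homeassistant currentcost appdaemon; do
    granted=$(sample_sudoers | grants_for "$acct")
    echo "$acct: ${granted:-no sudo grants}"
done
```

With AppDaemon under its own account, the reboot grant stays attached to `homeassistant` only, so a bug in AppDaemon does not inherit it.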

OK, thanks.

Mind if I ask how you (or others) normally operate/develop in terms of accounts? Do you typically log in (to your Raspberry Pi) as the “pi” user (noting homeassistant doesn’t have a password), and then “sudo su” to the “homeassistant” account, after which you do development etc. in this account?

Personally, I have a virtual machine set up on my desktop, and I do most of my development on that. Then I just transfer the configuration files using git.

I do have to log on to the pi and then su to homeassistant to do the git pull, but that isn’t very often.

Thanks - mind if I ask too, when you say you develop on the VM, do you mean just edit the config files? Or do you actually run like a dev homeassistant environment on the VM and test it, so you know it’ll work before pulling the changes down?

It’s a complete environment, with its own appdaemon installation and MQTT broker, so I can test out configuration and automations before they are put on the working machine.

They almost always work when they are transferred :roll_eyes:

So you could develop/test scripts appdaemon apps too - I’ll have to put this on my todo list…

What about z-wave devices? Would need a way to “stub” them out so to speak on the VM I guess…