• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Suggestions needed on User management

 
Ranch Hand
Posts: 10198
3
Mac PPC Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Linux Gurus - I need some advice on adding a user to a certain group so that access to my application is restricted. I have the following 3 folders under /opt/softwares:



As you can see the conf and data folder should be protected as the conf folder will be only read by anything from inside the application folder where my web app will be running from. The data folder will be also written and read by my web app through MongoDB which is installed in a different location but also has the root and root as its user and group. I have another user called joe but when I tried to install or create a new folder under /opt/, it failed saying that joe does not belong to the sudoers and I also do not want joe to be on the sudoers list. Please suggest me some general idea on how to organize application, database access and how to give user access and which user should be owning what.
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Start by running each server under its own account that does not have root privileges. For example, you'd have users tomcat and mongodb. Then add those accounts to groups as appropriate for them have the data access they need.
 
Joe San
Ranch Hand
Posts: 10198
3
Mac PPC Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Start by running each server under its own account that does not have root privileges. For example, you'd have users tomcat and mongodb. Then add those accounts to groups as appropriate for them have the data access they need.



I did not yet create seperate users for mongodb and my application server. I will do them now. Do these users need to have a home directory? I guess not as they are just a fictional user and I will not be doing any normal stuff that I do with the user joe.
 
Ulf Dittmer
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Not sure if it's possible to create accounts without home directory, but there's no harm in them having one. But more importantly, these accounts should not be allowed to log in interactively.
 
Joe San
Ranch Hand
Posts: 10198
3
Mac PPC Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Ulf Dittmer wrote:Not sure if it's possible to create accounts without home directory, but there's no harm in them having one. But more importantly, these accounts should not be allowed to log in interactively.



It was in fact possible to create a user without a home directory.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic