aspose file tools*
The moose likes Linux / UNIX and the fly likes Suggestions needed on User management Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Linux / UNIX
Bookmark "Suggestions needed on User management" Watch "Suggestions needed on User management" New topic
Author

Suggestions needed on User management

Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9426
    
    2

Linux Gurus - I need some advice on adding a user to a certain group so that access to my application is restricted. I have the following 3 folders under /opt/softwares:



As you can see the conf and data folder should be protected as the conf folder will be only read by anything from inside the application folder where my web app will be running from. The data folder will be also written and read by my web app through MongoDB which is installed in a different location but also has the root and root as its user and group. I have another user called joe but when I tried to install or create a new folder under /opt/, it failed saying that joe does not belong to the sudoers and I also do not want joe to be on the sudoers list. Please suggest me some general idea on how to organize application, database access and how to give user access and which user should be owning what.


SCJP 1.4, SCWCD 1.4 - Hints for you, Certified Scrum Master
Did a rm -R / to find out that I lost my entire Linux installation!
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
Start by running each server under its own account that does not have root privileges. For example, you'd have users tomcat and mongodb. Then add those accounts to groups as appropriate for them have the data access they need.


Ping & DNS - my free Android networking tools app
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9426
    
    2

Ulf Dittmer wrote:Start by running each server under its own account that does not have root privileges. For example, you'd have users tomcat and mongodb. Then add those accounts to groups as appropriate for them have the data access they need.


I did not yet create seperate users for mongodb and my application server. I will do them now. Do these users need to have a home directory? I guess not as they are just a fictional user and I will not be doing any normal stuff that I do with the user joe.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42276
    
  64
Not sure if it's possible to create accounts without home directory, but there's no harm in them having one. But more importantly, these accounts should not be allowed to log in interactively.
Joe Harry
Ranch Hand

Joined: Sep 26, 2006
Posts: 9426
    
    2

Ulf Dittmer wrote:Not sure if it's possible to create accounts without home directory, but there's no harm in them having one. But more importantly, these accounts should not be allowed to log in interactively.


It was in fact possible to create a user without a home directory.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Suggestions needed on User management