Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Suggestions needed on User management

 
Joe Harry
Ranch Hand
Posts: 10124
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Linux Gurus - I need some advice on adding a user to a certain group so that access to my application is restricted. I have the following 3 folders under /opt/softwares:



As you can see the conf and data folder should be protected as the conf folder will be only read by anything from inside the application folder where my web app will be running from. The data folder will be also written and read by my web app through MongoDB which is installed in a different location but also has the root and root as its user and group. I have another user called joe but when I tried to install or create a new folder under /opt/, it failed saying that joe does not belong to the sudoers and I also do not want joe to be on the sudoers list. Please suggest me some general idea on how to organize application, database access and how to give user access and which user should be owning what.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Start by running each server under its own account that does not have root privileges. For example, you'd have users tomcat and mongodb. Then add those accounts to groups as appropriate for them have the data access they need.
 
Joe Harry
Ranch Hand
Posts: 10124
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:Start by running each server under its own account that does not have root privileges. For example, you'd have users tomcat and mongodb. Then add those accounts to groups as appropriate for them have the data access they need.


I did not yet create seperate users for mongodb and my application server. I will do them now. Do these users need to have a home directory? I guess not as they are just a fictional user and I will not be doing any normal stuff that I do with the user joe.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not sure if it's possible to create accounts without home directory, but there's no harm in them having one. But more importantly, these accounts should not be allowed to log in interactively.
 
Joe Harry
Ranch Hand
Posts: 10124
3
Eclipse IDE Mac PPC Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ulf Dittmer wrote:Not sure if it's possible to create accounts without home directory, but there's no harm in them having one. But more importantly, these accounts should not be allowed to log in interactively.


It was in fact possible to create a user without a home directory.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic