You are viewing a plain text version of this content. The canonical link for it is here.

Posted to solr-user@lucene.apache.org by Jacob Singh <ja...@gmail.com> on 2008/07/01 13:34:07 UTC

Best practices for permissions in DistrobutionScripts

Hey,

Sorry to bug everyone again in my newbieness, but this is a quick one, I
promise :)

I'm running a master and a slave, both on debian using jetty6 (from deb)

jetty6 runs under user jetty which has no group.  It writes files as
jetty.nogroup 664.

This means my data directory is 664.

jetty is a "daemon user", and is therefor set to /bin/false for login
which is probably best.

I can get everything working nicely if I change this to /bin/bash on
both machines, add .ssh keys to jetty's home dir on both machines
(/usr/share/jetty/.ssh) and use the -u jetty option on all my scripts.

I don't like this though.  I'm not sure why, just doesn't seem very nice.

So should I:

a).
Add jetty to a group called jetty
Somehow get jetty6 to use that group
Create another user (solr) and add it to the group jetty
Let it run the snapshooter

or b)
Just change /etc/passwd so jetty can login.  Is there a securety problem
there?

Best,
Jacob

Re: Best practices for permissions in DistrobutionScripts

Posted by Norberto Meijome <fr...@meijome.net>.

On Tue, 01 Jul 2008 17:04:07 +0530
Jacob Singh <ja...@gmail.com> wrote:

> a).
> Add jetty to a group called jetty
> Somehow get jetty6 to use that group
> Create another user (solr) and add it to the group jetty
> Let it run the snapshooter

This seems the best option.
B

_________________________
{Beto|Norberto|Numard} Meijome

"And that's one reason we like to believe in genius. It gives us an excuse for being lazy."
   Paul Graham

I speak for myself, not my employer. Contents may be hot. Slippery when wet. Reading disclaimers makes you go blind. Writing them is worse. You have been Warned.