Restricting root to specific network while leaving other accounts unaffected

Jamon Camisso jamon.camisso-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Wed Jul 17 16:32:50 UTC 2013


On 14/07/13 04:12 PM, William Muriithi wrote:
<snip>
> Now, to make sure I don't miss files remotely, I need to SSH as root.
> Using any other account risks leaving out some files and having people
> complain at you when an update fails.  So I enabled remote root access and
> that's how we have been working.
</snip>

This root uid/gid is the issue that will make SSH keys and sudo seem
difficult. I can't think of any reason to be running JBoss as root.

Set up a dedicated user and group for JBoss and all your problems can be
addressed using SSH, ForceCommand and Match directives with SSH, and
basic filesystem permissions.

I do this with Glassfish and Solr and have had zero problems copying
multi-GB indexes from Dev to staging to prod servers. Sudo is not needed
anywhere in such a setup either.

Can you explain why JBoss needs to be running as root in your environments?

Cheers, Jamon
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
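
A sketch of the sshd_config layout the reply above points to, added here as an example and not taken from the thread. The account name "jbossdeploy", the group "jboss", the 192.0.2.0/24 management network and the choice of internal-sftp as the forced command are all assumptions.

```conf
# /etc/ssh/sshd_config (fragment) - constructed example, not from the thread.
# Assumed names: user "jbossdeploy", group "jboss", management network
# 192.0.2.0/24. The application server runs as its own unprivileged user, and
# its deployment directories are owned by that user and writable by group
# "jboss", so copying files in never needs root or sudo.

# Global defaults: no root logins from anywhere, key authentication only.
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes

# Dedicated deployment account: file transfer only, no shell, no forwarding.
Match User jbossdeploy
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no

# Root is reachable only from the management network, and only with a key.
# Older OpenSSH releases spell this value "without-password".
# Every other account keeps the global settings above.
Match User root Address 192.0.2.0/24
    PermitRootLogin prohibit-password
```

Run `sshd -t` to check the syntax before reloading the daemon, and keep an existing session open until a new login has been confirmed to work.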




