| View previous topic :: View next topic |
| Author |
Message |
danhan79
n00b
Joined: 17 Jul 2003
Posts: 7
|
 Posted: Fri Jun 17, 2005 10:02 pm Post subject: noob help with permissions |
 |
|
I know that you shouldn't run as root so I have setup another user for daily work.
But how are permissions supposed to be setup on applications so that a regular user has access to them? I.e. I have Tomcat installed and all the directories are rwxr-x-r-x (with owner:tomcat and group:tomcat)
As a regular user (i.e. danhan) I want to have write capabilities so I've been adding danhan to the group: tomcat and changing all the directories under tomcat to rwxrwxr-x.
But is this the 'right' way to do it?
Or should I login as a user tomcat? (And I'm not sure what to do with application-created users....like when I emerged tomcat, the app created the user tomcat...) |
|
| Back to top |
|
 |
_loki_
l33t
Joined: 18 Dec 2003
Posts: 680
Location: in the shell
|
| Posted: Fri Jun 17, 2005 11:19 pm Post subject: |
|
|
You shouldn't change the permissions of the folders, when you are in the right group that souldn't be necessary.. A line like this
| Code: |
drwxr-xr-x 3 root root 29 Jun 16 15:12 home
|
is interpreted as the following:
the first "d" says it's a directory if there is a "-" it's a file and there are other letters, too for diffreent types of contens. The next 3 digest are the permissions for the owner, then 3 for the group and at last 3 for users. So it shoulb be enough to add your user to the right group, in
there is a nice explanation at: http://www.comptechdoc.org/os/linux/usersguide/linux_ugfilesp.html
if you are using udev you can chage the group for the devices by will, explaining that might go to far, but if you're interessted read this thread: https://forums.gentoo.org/viewtopic-t-324300-highlight-udev+issues.html
Have fun! |
|
| Back to top |
|
|
danhan79
n00b
Joined: 17 Jul 2003
Posts: 7
|
| Posted: Sat Jun 18, 2005 7:31 pm Post subject: |
|
|
| Quote: |
You shouldn't change the permissions of the folders, when you are in the right group that souldn't be necessary.. A line like this
| Code: | drwxr-xr-x 3 root root 29 Jun 16 15:12 home
|
|
I don't understand. According to the ls output, if user [whoever] is in the root group then he wouldn't have write access to this directory. That's why I've been changing the directory permissions...because I want to have a certain group to have rwx access to certain directories. |
|
| Back to top |
|
|
_loki_
l33t
Joined: 18 Dec 2003
Posts: 680
Location: in the shell
|
| Posted: Sat Jun 18, 2005 8:36 pm Post subject: |
|
|
| if you need write support you have to set the "w"; so the clean solution would be to put your user in the specific group and add write support for the group on the folder, just like you did! |
|
| Back to top |
|
|
adaptr
Watchman
Joined: 06 Oct 2002
Posts: 6730
Location: Rotterdam, Netherlands
|
| Posted: Sat Jun 18, 2005 8:49 pm Post subject: |
|
|
As tomcat is an application server framework, it is conceivable you might want to work on it with more than one user, in which case assigning a group to it and adding you ruser to the gruop would be the correct way of gaining access.
If, however, you are the only user who needs write access to the tomcat system, then just use root to perform those functions.
Note that, even though tomcat does setup itself to also be owned by a group named "tomcat" this is often more a convention than of any functional use, since it does need the proper permissions for the group for a member of that group to be able to administrate it; it doesn't work by default.
Whether or not changing the group permissions on the tomcat system directories is a good idea should be detailed in the documentation.
Some applications demand proper permissions on directories, be it for security or functionality - if tomcat does not, then feel free to use the scheme outlined above.
_________________
>>> emerge (3 of 7) mcse/70-293 to /
Essential tools: gentoolkit eix profuse screen |
|
| Back to top |
|
|
danhan79
n00b
Joined: 17 Jul 2003
Posts: 7
|
| Posted: Sun Jun 19, 2005 1:02 am Post subject: Ok got it |
|
|
| Thanks all. It's a bit clearer now. |
|
| Back to top |
|
|
|
Networking & Security
