How to define "super users"

As a business consultant, I’ve set up my own business and hired 2 java developers who will be developing internal applications.

Can you advise me how I should give access to the developers to our server?

We are in the process of buying a small server that will be used for serving MySQL, Apache, Tomcat, subversion, … Those apps will be for internal use only. The developers would like to have root access to the server to start up and shutdown those services, to change the settings (mostly in /etc) and to look at the logs.

I’m planning to install opensuse 11.3 on this hardware, XEN and a virtual machine based on opensuse 11.3 (but without any GUI) that will host those apps.

Should I define 3 users with root access (me + 2 developers) or 1 root (me) and 2 users that will be part of the mysql, apache, … group or 1 root for all?

Do you have any other suggestions to set up my server?

Ivan

On 11/15/2010 11:36 AM, eulaersivan wrote:

> Should I define 3 users with root access (me + 2 developers) or 1 root
> (me) and 2 users that will be part of the mysql, apache, … group
> or 1 root for all?

You should set up a normal user account for yourself and the developers
and one root account.
When you go through the installation process it will prompt you to
create a user account. This will be a normal user. Make that your
account. It should also prompt you for a root password, and should
make the root account automatically.

After all’s installed, you can add the other two accounts. Do not make
them part of the root group, however they should probably have sudo
access. Learn about that in ‘man sudoers’. When they need root level
access to run a command they can just enter ‘sudo <COMMAND>’ and it will
execute with root permissions.

I believe by default openSUSE sets the sudoers to use the administrator
password. It’s probably better to change that so they have to enter
their own passwords, which is more the norm in other distributions.

HTH…

…Kevin

Kevin Miller
Juneau, Alaska
http://www.alaska.net/~atftb
In a recent poll, seven out of ten hard drives preferred Linux.

OP, being in group mysql, etc, gives nothing. To start and stop services, root equivalent privilege is required. So pay attention to what Kevin wrote about using sudo. You can also restrict them to specific commands in sudoers.

Generally they will not need to restart things like mysql, Apache, etc. Just leave those running. However they may need to restart the tomcat server, and that only if the WAR deployment method is insufficient.

Tx, I’ll take a look at sudo.

Can I limit sudo access so that certain directories are not visible or accessible for the 2 developers but only for me (as business owner)?

You’ll want to limit the commands they can do in sudo then. If sudo allows a user to run any command as root, then for all purposes they can become root. For example they can just do

sudo bash

and they have a root shell and they can do anything.
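
As an added example (not written by any poster in this thread), here is a sudoers fragment that puts the unrestricted rule described above next to a rule limited to specific commands. The account names, init-script paths and config file paths are assumptions for an openSUSE-style layout.

```sudoers
# Fragment for /etc/sudoers. Edit it only with visudo, which refuses to save
# a file with syntax errors; "visudo -c" re-checks an existing file.
# Assumptions (none of these names are from the thread): accounts ivan, dev1
# and dev2; SysV init scripts under /etc/init.d; the config file paths below.

# Weak form: any command as root, so "sudo bash" yields a root shell.
#   dev1, dev2  ALL = (ALL) ALL

# To make sudo ask for the caller's own password, the distribution default
# sudoers must NOT contain lines like these two (comment them out if present):
#   Defaults targetpw
#   ALL ALL=(ALL) ALL

User_Alias DEVELOPERS = dev1, dev2

# Each entry names the full path and the exact argument. A command listed
# with arguments matches only when invoked with exactly those arguments.
Cmnd_Alias WEB_SVC = /etc/init.d/apache2 start, /etc/init.d/apache2 stop, \
                     /etc/init.d/apache2 restart, /etc/init.d/apache2 status
Cmnd_Alias DB_SVC  = /etc/init.d/mysql start, /etc/init.d/mysql stop, \
                     /etc/init.d/mysql restart, /etc/init.d/mysql status
Cmnd_Alias APP_SVC = /etc/init.d/tomcat6 start, /etc/init.d/tomcat6 stop, \
                     /etc/init.d/tomcat6 restart, /etc/init.d/tomcat6 status

# sudoedit copies the file, runs the editor as the calling user, then writes
# the result back as root, so the editor itself never runs with root rights.
# Files are named one by one; no wildcards.
Cmnd_Alias CONFIGS = sudoedit /etc/apache2/httpd.conf, sudoedit /etc/my.cnf, \
                     sudoedit /etc/tomcat6/server.xml

# Restricted form: developers get only the aliases above, as root.
DEVELOPERS ALL = (root) WEB_SVC, DB_SVC, APP_SVC, CONFIGS

# The owner keeps full sudo, authenticated with his own password.
ivan       ALL = (ALL) ALL

# Log reading is better granted through group ownership or ACLs on the log
# files than through sudo. Check the result as root with: sudo -l -U dev1
```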

On 2010-11-15 22:36, eulaersivan wrote:
>
> Tx, I’ll take a look at sudo.
>
> Can I limit sudo access so that certain directories are not visible or
> accessible for the 2 developers but only for me (as business owner)?

In that case, you need two machines: one for them, one for you. Don’t give
them access to your machine. Which is good for another reason: while
developing, you can make a bad mistake and destroy data… better if that’s
not the real data.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

Carlos E. R. wrote:
> In that case, you need two machines: one for them, one for you. Don’t give
> them access to your machine. Which is good for another reason: while
> developing, you can make a bad mistake and destroy data… better if that’s
> not the real data.

+1
never let anyone develop software on the machine with the only copy of
real data…

(unless you want to hear: "We had a little hiccup, and . . .")


DenverD
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]