[Trilug-ontopic] sysadmin questions
Richard O. Hammer
rhammer at FastMail.fm
Sat Jun 12 05:48:53 EDT 2010
Thank you, Cristóbal.
The context is this: I am starting from a minimal default and building up.
In my job my assignment has been to produce demonstration prototypes of web
applications. I am familiar with Java, so I use Tomcat. I've learned a little
Unix and Linux over the years, but I'm only an amateur system administrator.
So I get a Linux server connected to the Internet, with no organizational
inheritance at all except that inheritance which comes in all software packages;
I don't believe I'm using LDAP. I make sure Java and Tomcat are installed. I
work as root.
I've been doing this minimal, prototype development, part time, for years,
always working only as root. Now years ago I did see the omnipresent advice
that one should not work as root unless necessary, because of the dangers. So I
followed that advice for a while. I created another user account and logged in
as that other user. But then I found that every time I logged in as that other
user the first thing I had to do was su to root, because effectively everything
I was doing was root-type work. I was not doing any other, just-everyday work
on the server; I do just-everyday work on my Windows workstation. So I stopped
following the omnipresent advice for Linux administrators, and just did
everything logged in as root. I've never had any of the troubles, brought on by
only logging in as root, which motivate the omnipresent advice.
Now one of my projects, using this style of prototype development on a Linux
server while working as root, has landed in fertile soil. My assignment is to
share the server with other users, so others can do whatever they might need to
do, as Java developers with a Tomcat installation.
My first step was to share the root password with everyone in our small team,
because I don't know exactly how to set up user accounts and groups with
permissions adequate. I've never had to set up user accounts before, so I'm
learning the implications of groups.
Our server runs at runlevel 3. So we don't have gui sysadmin tools. I do most
useful work from a command prompt.
After installing Tomcat, I have both a user named tomcat and a group named
tomcat. Here's the report on the tomcat directory:
[root at test etc]# ls -ld /usr/local/tomcat
drwxrwxr-x 11 root tomcat 4096 Jun 11 23:49 /usr/local/tomcat
So I'm thinking maybe I will:
- make a group for the developers in our team;
- make a user account for each developer with the default group being that one
- add the developers group to the tomcat group (??)
I have not come across any advice written for someone trying to do what I'm
trying to do, so I will appreciate inputs from Trilug's experts.
More information about the Trilug-ontopic