[Trilug-ontopic] sysadmin questions

Richard O. Hammer rhammer at FastMail.fm
Sat Jun 12 05:48:53 EDT 2010 

Thank you, Cristóbal.

The context is this:  I am starting from a minimal default and building up.

In my job my assignment has been to produce demonstration prototypes of web 
applications.  I am familiar with Java, so I use Tomcat.  I've learned a little 
Unix and Linux over the years, but I'm only an amateur system administrator.

So I get a Linux server connected to the Internet, with no organizational 
inheritance at all except that inheritance which comes in all software packages; 
I don't believe I'm using LDAP.  I make sure Java and Tomcat are installed.  I 
work as root.

I've been doing this minimal, prototype development, part time, for years, 
always working only as root.  Now years ago I did see the omnipresent advice 
that one should not work as root unless necessary, because of the dangers.  So I 
followed that advice for a while.  I created another user account and logged in 
as that other user.  But then I found that every time I logged in as that other 
user the first thing I had to do was su to root, because effectively everything 
I was doing was root-type work.  I was not doing any other, just-everyday work 
on the server; I do just-everyday work on my Windows workstation.  So I stopped 
following the omnipresent advice for Linux administrators, and just did 
everything logged in as root.  I've never had any of the troubles, brought on by 
only logging in as root, which motivate the omnipresent advice.

Now one of my projects, using this style of prototype development on a Linux 
server while working as root, has landed in fertile soil.  My assignment is to 
share the server with other users, so others can do whatever they might need to 
do, as Java developers with a Tomcat installation.

My first step was to share the root password with everyone in our small team, 
because I don't know exactly how to set up user accounts and groups with 
permissions adequate.  I've never had to set up user accounts before, so I'm 
learning the implications of groups.

Our server runs at runlevel 3.  So we don't have gui sysadmin tools.  I do most 
useful work from a command prompt.

After installing Tomcat, I have both a user named tomcat and a group named 
tomcat.  Here's the report on the tomcat directory:

[root at test etc]# ls -ld /usr/local/tomcat
drwxrwxr-x 11 root tomcat 4096 Jun 11 23:49 /usr/local/tomcat

So I'm thinking maybe I will:
  - make a group for the developers in our team;
  - make a user account for each developer with the default group being that one 
for developers;
  - add the developers group to the tomcat group (??)

I have not come across any advice written for someone trying to do what I'm 
trying to do, so I will appreciate inputs from Trilug's experts.

Rich Hammer

More information about the Trilug-ontopic mailing list