lucene-solr-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Singh <jacobsi...@gmail.com>
Subject Best practices for permissions in DistrobutionScripts
Date Tue, 01 Jul 2008 11:34:07 GMT
Hey,

Sorry to bug everyone again in my newbieness, but this is a quick one, I
promise :)

I'm running a master and a slave, both on debian using jetty6 (from deb)

jetty6 runs under user jetty which has no group.  It writes files as
jetty.nogroup 664.

This means my data directory is 664.

jetty is a "daemon user", and is therefor set to /bin/false for login
which is probably best.

I can get everything working nicely if I change this to /bin/bash on
both machines, add .ssh keys to jetty's home dir on both machines
(/usr/share/jetty/.ssh) and use the -u jetty option on all my scripts.

I don't like this though.  I'm not sure why, just doesn't seem very nice.

So should I:

a).
Add jetty to a group called jetty
Somehow get jetty6 to use that group
Create another user (solr) and add it to the group jetty
Let it run the snapshooter

or b)
Just change /etc/passwd so jetty can login.  Is there a securety problem
there?

Best,
Jacob

Mime
View raw message