--- Buddy Shearer <[EMAIL PROTECTED]> wrote: > > Setting up JFFNMS within this *nix environment has been a bit taxing (and > fun too).
True that's how we all learned! :-) > > However, it would be great if someone could answer a question: > > If an admin like myself is running JFFNMS for monitoring a network then how > many user ids should there be? (Don't answer) > > mysql for MySQL - per MySQL setup instructions > jffnms for JFFNMS - per JFFNMS setup instructions > pgsql for Postrgresql - per setup instructions > myownid for *nix > > and then we have root > > Here is the question: > If I replace myownid instead of using mysql, jffnms, and pgsql would I not > save myself a bunch of permission issues when there are conflicts? > > I am discovering that even though I have a semi-working system. The jffnms > user cannot start Postgresql and root cannot start it either. And since I > run from root this makes life a tad difficult. Oh, and crontab apparently > does not run poller.php and friends due to permissions issues as well. > > I was thinking about setting up Admin as the user for (MySQL, Postgresql, > JFFNMS, and etc.). Is there any operational reason not to do this? Set the > Security issue aside. Its good to keep things seperate for example there is no reason why the "*nix" user should be the same when it comes to MySQL, Postgres and other similar dameons. The reason being they are servers and the way to interface with them is via thier APIs. No real direct access is needed. However I do agree that the "Apache" user have the same privileges as the JFFNMS user since a lot of things will be started by apache, as well as "cron" jobs by jffnms user. At least the apache user should be in the jffnms group and that group should have "rw and possibly x" privileges for the <INSTALL-DIRECTORY>/jffnms/* files. One thing to keep in mind when it comes to Unix permissions is that when a script or binary executable is called that executable/binary takes the permissions of the user calling it. So when you are in the JFFNMS interface and click on a link that starts a script/executable they are acutally running as the "apache" user with the associated privileges. Also when cron is running make sure the cron jobs are actually being called from a specific user's crontab file. Thus you shouldn't have "jffnms" cronjobs in "root's" cron files, even though the install recommends it that way. so take all the cron entries put them in the jffnms users cron tab and remove the "jffnms" part of each line where it tries to run them as that user. I belive that the way the install crontab files are written is due to how "Vixie-Cron" runs. Hope I made some sense. > > Thanks! > > Buddy > ------------------------------------------------------- This SF.Net email is sponsored by Oracle Space Sweepstakes Want to be the first software developer in space? Enter now for the Oracle Space Sweepstakes! http://ads.osdn.com/?ad_id=7412&alloc_id=16344&op=click _______________________________________________ jffnms-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jffnms-users
