Thanks for replying. So it's the never ending story of permissions, facl, groups, security concepts ... I prefer coding !
I'm using group permissions to have the WebApp user execute a program from another user. So far so good, but not perfect. I even tried to play with the visudo config, but this got complicated ... Luc On Wednesday, 7 November 2018 22:20:02 UTC-5, Stefan Adams wrote: > > > > On Wed, Nov 7, 2018 at 1:18 PM Luc Larochelle <[email protected] > <javascript:>> wrote: > >> Hi Everyone, >> >> Given that application X is owned by it's generic user (userX) and that a >> Webapp is owned by another generic user(Y), what's the best way to share >> permissions between the users so that application X can be called by a a >> request to the WebApp ? >> > > Is the primary question about the best way to handle permissions between > two users? IMO, either put both users in the same group, or use extended > ACLs <https://wiki.archlinux.org/index.php/Access_Control_Lists>. I used > to use them quite a bit when I managed file servers with Samba and it was > great! > > >> Also, is it a good thing to separate applications from the Webapp in >> distinct users , or should it all be part of a whole ? >> > > I think the general rule of thumb is separations are good, but of course > you need something in place to allow exchange of information. ACLs work. > Other things could work, too. But ACLs proly easiest. Best answer proly > depends on a lot... > > The objective to what you're asking, of course, is if one of your systems > gets hacked, the other shouldn't be affected. If the system A gets hacked > with user A, system B with user B will be "protected". Is system A and > system B both use user C, a breach of system A *or* system B would effect > the other. > -- You received this message because you are subscribed to the Google Groups "Mojolicious" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/mojolicious. For more options, visit https://groups.google.com/d/optout.
