On 07 Jan 2001 21:23:02 +0100, Nils Frohberg wrote:
> Yes, but sudo will still run orion with UID 0. This will not improve security. Then
>you might as well make a group called 'orion', and put all the users that need access
>to orion into this group. Change the dir/file perms so that it is read/writable for
>these users.
>
> If you try to get orion to run non-root because of security, follow the example on
>orionsupport.
>
> --nils
The issue was being able to have many users stop and start Orion on port
80 frequently, not access to files. For restricting access to files and
other resources from Orion, I think the Java solution would be
customized Java policy files, but those are tricky to get right. sudo
is a straightforward solution to the problem, which will work on any
UNIX platform that can get or build a copy of sudo (which is any).
Scott
>
> Scott M. Stirling([EMAIL PROTECTED])@Sun, Jan 07, 2001 at 01:49:15PM -0500:
> > I think there is a better solution than using ipchains (which I'm not
> > sure is supported anywhere but on Linux, and is bound to incurr some
> > overhead, though I'm not sure if it would be significant), or at least
> > an alternative.
> >
> > Install sudo if you haven't already. You have to configure sudo with
> > the names/groups of users and their permissions. What sudo does is
> > allow non-root users to execute super user commands and temporarily
> > attain super user privileges for the purpose of executing commands. You
> > can have users enter a password to use sudo, or you can configure sudo
> > to allow users/groups to use it without a password. In any case, make
> > sure the actual root password and the sudo password are different, that
> > way no one needs to know the root password except root. To use sudo,
> > once installed, you just prefix sudo to any command in order to use it:
> >
> > sudo reboot
> > sudo java -jar orion.jar
> > etc.
> >
> > http://www.courtesan.com/sudo/
