subject:"\[Mojolicious\] Executing tasks in the backend \?"

Re: [Mojolicious] Executing tasks in the backend ?

2018-11-08 Thread Luc Larochelle

Thanks for replying. So it's the never ending story of permissions, facl, 
groups, security concepts ... I prefer coding !

I'm using group permissions to have the WebApp user execute a program from 
another user. So far so good, but not perfect. I even tried to play with 
the visudo config, but this got complicated ...

Luc

On Wednesday, 7 November 2018 22:20:02 UTC-5, Stefan Adams wrote:
>
>
>
> On Wed, Nov 7, 2018 at 1:18 PM Luc Larochelle  > wrote:
>
>> Hi Everyone,
>>
>> Given that application X is owned by it's generic user (userX) and that a 
>> Webapp is owned by another generic user(Y), what's the best way to share 
>> permissions between the users so that application X can be called by a a 
>> request to the WebApp ?
>>
>
> Is the primary question about the best way to handle permissions between 
> two users?  IMO, either put both users in the same group, or use extended 
> ACLs .  I used 
> to use them quite a bit when I managed file servers with Samba and it was 
> great!
>  
>
>> Also, is it a good thing to separate applications from the Webapp in 
>> distinct users , or should it all be part of a whole ? 
>>
>
> I think the general rule of thumb is separations are good, but of course 
> you need something in place to allow exchange of information.  ACLs work.  
> Other things could work, too.  But ACLs proly easiest.  Best answer proly 
> depends on a lot... 
>
> The objective to what you're asking, of course, is if one of your systems 
> gets hacked, the other shouldn't be affected.  If the system A gets hacked 
> with user A, system B with user B will be "protected".  Is system A and 
> system B both use user C, a breach of system A *or* system B would effect 
> the other.
>

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Executing tasks in the backend ?

2018-11-07 Thread Stefan Adams

On Wed, Nov 7, 2018 at 1:18 PM Luc Larochelle  wrote:

> Hi Everyone,
>
> Given that application X is owned by it's generic user (userX) and that a
> Webapp is owned by another generic user(Y), what's the best way to share
> permissions between the users so that application X can be called by a a
> request to the WebApp ?
>

Is the primary question about the best way to handle permissions between
two users?  IMO, either put both users in the same group, or use extended
ACLs .  I used
to use them quite a bit when I managed file servers with Samba and it was
great!

> Also, is it a good thing to separate applications from the Webapp in
> distinct users , or should it all be part of a whole ?
>

I think the general rule of thumb is separations are good, but of course
you need something in place to allow exchange of information.  ACLs work.
Other things could work, too.  But ACLs proly easiest.  Best answer proly
depends on a lot...

The objective to what you're asking, of course, is if one of your systems
gets hacked, the other shouldn't be affected.  If the system A gets hacked
with user A, system B with user B will be "protected".  Is system A and
system B both use user C, a breach of system A *or* system B would effect
the other.

-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.

[Mojolicious] Executing tasks in the backend ?

2018-11-07 Thread Luc Larochelle

Hi Everyone,

Given that application X is owned by it's generic user (userX) and that a 
Webapp is owned by another generic user(Y), what's the best way to share 
permissions between the users so that application X can be called by a a 
request to the WebApp ?

Also, is it a good thing to separate applications from the Webapp in 
distinct users , or should it all be part of a whole ? 

Your advice and comments will be very appreciated.

Cheers,

Luc


-- 
You received this message because you are subscribed to the Google Groups 
"Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to mojolicious+unsubscr...@googlegroups.com.
To post to this group, send email to mojolicious@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.

Re: [Mojolicious] Executing tasks in the backend ?

Re: [Mojolicious] Executing tasks in the backend ?

[Mojolicious] Executing tasks in the backend ?

3 matches

Site Navigation

Mail list logo

Footer information