  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 305

Using separate ids for developers and administrators

Hello experts,

Currently I have an id called "wasadmin" to administer WebSphere. But this id is being used by developers also. We want to stop the developers from using this id (sharing the password) and instead use their own id, so that they have read access to log files and config files, and other WebSphere files. So I have created another id, "wasdev", and took out the write permissions for "others" on all WebSphere files.

But I need the developer to use the "wasdev" id for deploying code also, which will require write and execute permission. I know sudo is one solution, where wasdev can sudo to the wasadmin id.

Is there any other way of implementing this whereby "wasdev" cannot become wasadmin via sudo but can still deploy code? The OS is Sun Solaris 10.

Appreciate your inputs.

Thanks!
0
Asked by: wasadmin11
1 Solution
 
already_used Commented:
Make them all members of the same group.  Make file and directory access 775. Make wasadmin owner of the files and directories, and add chmod +t so that only wasadmin can delete files.
0
 
wasadmin11 (Author) Commented:
Thanks for your quick response and solution. It looks very good!

Got a small doubt. Should I remove execute permission for the group, since wasdev may be able to run WebSphere commands too? If I remove execute permission for the group, would "wasadmin" be affected in any way?

(My aim is that wasadmin should be the only user who can run any WebSphere-related command, and the wasdev id should be able to install code, make config changes and read logs, but not be able to run any WebSphere commands like startServer.sh or stopServer.sh.)
0
 
wasadmin11 (Author) Commented:
Also, wasdev should not be able to delete any files (which chmod +t will take care of).
0
 
already_used Commented:
If I remove execute permission for the group would "wasadmin" be affected
No
Change permissions to 0764 for files so that:
  • owner wasadmin has read/write/execute
  • group members have read/write
  • others have read, or possibly 5 if read and execute is needed.
0
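
The permission scheme suggested in the answers above (shared group, directories 775 with the sticky bit, files 0764), as an added shell example that is not part of the original thread: it applies the modes to a tree and audits for deviations. The group name `wasgrp`, the function names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: apply and audit the mode scheme from the thread.
# Assumption: "wasgrp" is a hypothetical shared group for wasadmin and wasdev.

apply_scheme() {
    root=$1
    # As root on the real tree, ownership would be set first, e.g.:
    #   chown -R wasadmin:wasgrp "$root"
    # Directories 1775: group may create entries; the sticky bit limits
    # delete/rename to the entry's owner, the directory owner, or root.
    find "$root" -type d -exec chmod 1775 {} +
    # Files 0764: owner rwx, group rw- (no execute), others r--.
    find "$root" -type f -exec chmod 0764 {} +
}

# Print one line per deviation; return 0 only when the tree is clean.
audit_scheme() {
    root=$1
    findings=$(
        find "$root" -type d ! -perm -1000 -print | sed 's/^/dir-no-sticky: /'
        find "$root" -type f -perm -0010 -print | sed 's/^/file-group-exec: /'
        find "$root" \( -type f -o -type d \) -perm -0002 -print |
            sed 's/^/other-writable: /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Build a constructed sample tree (not a real WebSphere layout) for a dry run.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bin" "$t/logs" "$t/config"
    : > "$t/bin/startServer.sh"; : > "$t/logs/SystemOut.log"
    : > "$t/config/server.xml"
    chmod 0777 "$t/logs"; chmod 0775 "$t/bin/startServer.sh"
    printf '%s\n' "$t"
}

demo_tree=$(make_sample_tree)
audit_scheme "$demo_tree" || true     # lists the deviations in the sample
apply_scheme "$demo_tree"
audit_scheme "$demo_tree" && echo "clean after apply_scheme"
rm -rf "$demo_tree"
```

Running `audit_scheme` against the install root after each deployment catches files that regain group execute or other-write. The sticky bit restricts deleting and renaming entries only; group write on a file still permits changing its contents.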
