wasadmin11
asked on
Using separate ids for developers and administrators
Hello experts,
Currently I have an id called "wasadmin" to administer WebSphere, but this id is also being used by developers. We want to stop the developers from using this id (sharing the password) and have them use their own id instead, so that they have read access to log files, config files and other WebSphere files. So I have created another id, "wasdev", and took out the write permissions for "others" on all WebSphere files.
But I need the developers to use the "wasdev" id for deploying code as well, which will require write and execute permission. I know sudo is one solution, where wasdev can sudo to the wasadmin id.
Is there any other way of implementing this, whereby "wasdev" cannot become wasadmin via sudo but can still deploy code? The OS is Sun Solaris 10.
Appreciate your inputs.
Thanks !
ASKER
Also, wasdev should not be able to delete any files (which chmod +t will take care of).
If I remove execute permission for the group, would "wasadmin" be affected?
No.
Change permissions to 0764 for files so that:
owner wasadmin has read/write/execute
group members have read/write
others have read, or possibly 5 if read and execute is needed.
ASKER
Got a small doubt. Should I remove execute permission for the group, since wasdev may be able to run WebSphere commands too? If I remove execute permission for the group, would "wasadmin" be affected in any way?
(My aim is that wasadmin should be the only user who can run any WebSphere-related command, and the wasdev id should be able to install code, make config changes and read logs, but not be able to run any WebSphere commands like startServer.sh or stopServer.sh.)
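An added example, not part of the original thread: a POSIX shell audit that checks a WebSphere tree against the three goals stated above (no write access for "others", startServer.sh/stopServer.sh executable by the owner only, sticky bit on group-writable directories). The function names and the tree root passed as the first argument are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a WebSphere tree against the permission model discussed in the thread.
# Assumptions (not from the thread): the tree root is given as $1 and the
# control scripts are any files named startServer.sh or stopServer.sh.

# Files that "others" can write to (write was removed for others).
audit_other_writable() {
    find "$1" -type f -perm -0002 -print
}

# Control scripts that group or others can execute; with mode 0764 only
# the owner (wasadmin) keeps the execute bit.
audit_control_scripts() {
    find "$1" -type f \( -name startServer.sh -o -name stopServer.sh \) \
        \( -perm -0010 -o -perm -0001 \) -print
}

# Group-writable directories without the sticky bit: a group member could
# delete or rename files there that belong to wasadmin.
audit_unsticky_dirs() {
    find "$1" -type d -perm -0020 ! -perm -1000 -print
}

# Run every check, print findings, return 1 if any check reported a path.
audit_tree() {
    root=$1
    rc=0
    for check in audit_other_writable audit_control_scripts audit_unsticky_dirs; do
        out=$($check "$root")
        if [ -n "$out" ]; then
            echo "$check:"
            echo "$out" | sed 's/^/  /'
            rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh /path/to/websphere/root
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

The checks look only at mode bits, so ownership (wasadmin as owner, wasdev in the group) still has to be confirmed separately, for example with `ls -l`.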