using seperate ids for developers and administrators

Posted on 2009-12-29
Last Modified: 2013-12-27
Hello experts,

Currently i have an id called "wasadmin" to administer WebSphere . But this id is being used by developers also . We want to stop the developers from using this id (sharing the password) and instead use their own id, so that they have read access to log files and config files, and other websphere files. So i have created another id "wasdev". and took out the write permissions for "others" on all websphere files.

But i need the developer to use the "wasdev" id for deploying code also which will require write and execute permission. I know sudo is one solution where wasdev can sudo to wasadmin id .

Is there any other way of implementing where by "wasdev" cannot become wasadmin via sudo but still can deploy code . The OS is Sun Solaris 10.

Appreciate your inputs.

Thanks !
Question by:wasadmin11
    LVL 4

    Accepted Solution

    Make them all members of the same group.  Make file and directory access 775. Make wasadmin owner of the files and directories, and add chmod +t so that only wasadmin can delete files.
    LVL 2

    Author Comment

    Thanks for your quick response. and solution . It looks very good !

     Got a small doubt. Should i remove execute permission for the group since wasdev may be able to run websphere commands too ?  If i remove execute permission for the group would "wasadmin" be affected in anyway

    (My aim is that wasadmin should be the only user who can run any websphere related command and wasdev id should be able to install code, make config changes   , read logs but not be able to run any websphere commands like or
    LVL 2

    Author Comment

    also wasdev should not be able to delete any files (which chmod + t ) will take care of .
    LVL 4

    Expert Comment

    If i remove execute permission for the group would "wasadmin" be affected
    Change permissions to 0764 for files so that: owner wasadmin had read/write/execute
                                                                             group members have read/write
                                                                             others have read, or possibly 5 if read and execute is needed.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Hello fellow BSD lovers, I've created a patch process for patching openjdk6 for BSD (FreeBSD specifically), although I tried to keep all BSD versions in mind when creating my patch. Welcome to OpenJDK6 on BSD First let me start with a little …
    FreeBSD on EC2 FreeBSD ( is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
    Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
    This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now