All, I was able to configure ColdFusion MX to run as the nobody user on Sun Solaris 8. But in order to run it I had to provide the nobody user with a shell. In my case, I used the Korn Shell.
When I set the shell for the nobody user back to: /usr/sbin/noshell I get the following: # ./coldfusion start Starting ColdFusion MX... Oct 9 15:59:09 huey noshell[5813]: Titan warning: user 60001 login from a disabled shell Message from syslogd@huey at Wed Oct 9 15:59:09 2002 ... huey noshell[5813]: Titan warning: user 60001 login from a disabled shell Message from syslogd@huey at Wed Oct 9 15:59:09 2002 ... huey noshell[5813]: Titan warning: user 60001 login from a disabled shell Message from syslogd@huey at Wed Oct 9 15:59:09 2002 ... huey noshell[5813]: Titan warning: user 60001 login from a disabled shell There may be a few moments before you can access the Coldfusion MX administrator. This is normal. There has been an error starting Coldfusion MX, please check the logs. I check the logs in the /opt/coldfusionmx/logs directory. The logs are empty. Nada! Nothin' there. Apache 2.0.40 has no problem with this. It is my understanding that the nobody user should not have a shell assigned to for security reasons. This appears to be bug. Am I missing something? Thanks, Troy Sean A Corfield wrote: > Cathy Taylor wrote: > >> I'm trying to evaluate our CF MX upgrade on Solaris before I turn our > >> masses loose on it. I can't run it as root and our security > >> regulations forbid me from creating a new user to run it as (that > >> wouldn't work anyway since our web server runs as nobody). I've read > >> the docs and modified the user to "nobody", but it won't start. The > >> error log just says 'su no shell'. Of course nobody has no shell, but > >> I'm sure it must be able to run that way. Am I missing something? > > I just checked one of our QA servers and we are indeed running it as > nobody: > > nobody 24650 24648 0 Sep 30 ? 306:11 > /data/www/appserver/cfusionmx/bin/cfusion -start default > nobody 24648 1 0 Sep 30 ? 0:00 > /data/www/appserver/cfusionmx/bin/cfusion -autorestart -start default > scorfiel 28370 28362 0 13:38:39 pts/1 0:00 fgrep cf > > Then I checked another one: > > scorfiel 23763 23758 0 13:40:03 pts/2 0:00 fgrep cf > nobody 27009 27007 0 Sep 04 ? 1435:01 > /data/www/appserver/neo/bin/cfusion -start default > nobody 27007 1 0 Sep 04 ? 0:00 > /data/www/appserver/neo/bin/cfusion -autorestart -start default > > Also running as nobody (that one's a production server, BTW). > > As far as I know, our guys just followed the installation instructions > but I'll ask them if there were any issues around the 'nobody' user. > > An Architect's View -- http://www.corfield.org/blog/ > > Macromedia DevCon 2002, October 27-30, Orlando, Florida > Architecting a New Internet Experience > Register today at http://www.macromedia.com/go/devcon2002 > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Your ad could be here. Monies from ads go to support these lists and provide more resources for the community. http://www.fusionauthority.com/ads.cfm
