Make the cfmx user with privs to access the webserver document directory, otherwise, it is a normal user account.
At this time there is not a "recommended config" document. I should write one. Jesse Noller [EMAIL PROTECTED] Macromedia Server Development "No concept man forms is valid unless he integrates it without contradiction into the sum of his knowledge." - Ayn Rand > -----Original Message----- > From: Troy Simpson [mailto:[EMAIL PROTECTED]] > Sent: Thursday, October 10, 2002 10:58 AM > To: CF-Talk > Subject: Re: 2nd question - Run MX as nobody? > > Jesse, > > Thanks for the response. > I run this idea by our Sun Administrator. > Should we make the "cfmx" user a common user with a home directory, etc.? > Is there a recommended (possible published) method of how to configure the > system for ColdFusion MX Enterprise Server? > Or is this considered common knowledge for a Sun Administrator? > > Any other tips would be greatly appreciated. > > Thanks, > Troy > > Jesse Noller wrote: > > > Change it from the nobody user to a "cfmx" user you add to the system. > Don't use nobody if nobody does not have a shell predefined. > > > > Jesse Noller > > [EMAIL PROTECTED] > > Macromedia Server Development > > > > "No concept man forms is valid unless he > > integrates it without contradiction into the > > sum of his knowledge." > > - Ayn Rand > > > > > -----Original Message----- > > > From: Troy Simpson [mailto:[EMAIL PROTECTED]] > > > Sent: Wednesday, October 09, 2002 4:16 PM > > > To: CF-Talk > > > Subject: Re: 2nd question - Run MX as nobody? > > > > > > All, > > > > > > I was able to configure ColdFusion MX to run as the nobody user on Sun > > > Solaris 8. > > > But in order to run it I had to provide the nobody user with a shell. > > > In my case, I used the Korn Shell. > > > > > > When I set the shell for the nobody user back to: /usr/sbin/noshell > > > > > > I get the following: > > > > > > # ./coldfusion start > > > Starting ColdFusion MX... > > > Oct 9 15:59:09 huey noshell[5813]: Titan warning: user 60001 login > from a > > > disabled shell > > > > > > Message from syslogd@huey at Wed Oct 9 15:59:09 2002 ... > > > huey noshell[5813]: Titan warning: user 60001 login from a disabled > shell > > > > > > Message from syslogd@huey at Wed Oct 9 15:59:09 2002 ... > > > huey noshell[5813]: Titan warning: user 60001 login from a disabled > shell > > > > > > Message from syslogd@huey at Wed Oct 9 15:59:09 2002 ... > > > huey noshell[5813]: Titan warning: user 60001 login from a disabled > shell > > > There may be a few moments before you can access the Coldfusion MX > > > administrator. This > > > is normal. > > > There has been an error starting Coldfusion MX, please check the logs. > > > > > > I check the logs in the /opt/coldfusionmx/logs directory. The logs > are > > > empty. Nada! > > > Nothin' there. > > > > > > Apache 2.0.40 has no problem with this. > > > It is my understanding that the nobody user should not have a shell > > > assigned to for > > > security reasons. > > > This appears to be bug. > > > Am I missing something? > > > > > > Thanks, > > > Troy > > > > > > Sean A Corfield wrote: > > > > > > > Cathy Taylor wrote: > > > > >> I'm trying to evaluate our CF MX upgrade on Solaris before I turn > our > > > > >> masses loose on it. I can't run it as root and our security > > > > >> regulations forbid me from creating a new user to run it as (that > > > > >> wouldn't work anyway since our web server runs as nobody). I've > read > > > > >> the docs and modified the user to "nobody", but it won't start. > The > > > > >> error log just says 'su no shell'. Of course nobody has no shell, > but > > > > >> I'm sure it must be able to run that way. Am I missing something? > > > > > > > > I just checked one of our QA servers and we are indeed running it as > > > > nobody: > > > > > > > > nobody 24650 24648 0 Sep 30 ? 306:11 > > > > /data/www/appserver/cfusionmx/bin/cfusion -start default > > > > nobody 24648 1 0 Sep 30 ? 0:00 > > > > /data/www/appserver/cfusionmx/bin/cfusion -autorestart -start > default > > > > scorfiel 28370 28362 0 13:38:39 pts/1 0:00 fgrep cf > > > > > > > > Then I checked another one: > > > > > > > > scorfiel 23763 23758 0 13:40:03 pts/2 0:00 fgrep cf > > > > nobody 27009 27007 0 Sep 04 ? 1435:01 > > > > /data/www/appserver/neo/bin/cfusion -start default > > > > nobody 27007 1 0 Sep 04 ? 0:00 > > > > /data/www/appserver/neo/bin/cfusion -autorestart -start default > > > > > > > > Also running as nobody (that one's a production server, BTW). > > > > > > > > As far as I know, our guys just followed the installation > instructions > > > > but I'll ask them if there were any issues around the 'nobody' user. > > > > > > > > An Architect's View -- http://www.corfield.org/blog/ > > > > > > > > Macromedia DevCon 2002, October 27-30, Orlando, Florida > > > > Architecting a New Internet Experience > > > > Register today at http://www.macromedia.com/go/devcon2002 > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=4 Subscription: http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Signup for the Fusion Authority news alert and keep up with the latest news in ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
