On Nov 17, 2010, at 6:03 AM, Kieran Kelleher wrote: > Hi all, > > Like many of you, I have custom scripts that use ssh to deploy woa apps. > Scripts issue remote commands via ssh and script exec user's id_dsa has > corresponding id_dsa.pub in the remote server's auth keys for admin and root. > The problem is that root (apparently) is needed to set the chown on the woa > bundles to appserver:appserveradm, however I would like to get away from > needing root user remote ssh commands for security reasons. > > Assuming you all use chown of appserver:appserveradm and chmod of 550 on your > deployed woa bundles (are you?), then the question is with respect to > non-interactive, passwordless, secure remote deployment (copy, untar, chown, > chmod) of WOAs, what user/ssh setup are you all using besides r...@remote, or > is r...@remote the only way? > > Regards, Kieran
You can also create copies of the chown and chmod with the SUID bit set: http://en.wikipedia.org/wiki/Setuid. So instead of your script doing a chmod, you would call (making up a name) chmodappserver. Chuck -- Chuck Hill Senior Consultant / VP Development Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems. http://www.global-village.net/products/practical_webobjects
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-deploy mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-deploy/archive%40mail-archive.com This email sent to [email protected]
