Re: setup user rights to install software

From: Tim Haynes (usenet@stirfried.vegetable.org.uk)
Date: 03/26/02

  • Next message: RainbowHat: "Re: newB logging martians"

    From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
    Date: Tue, 26 Mar 2002 09:13:13 +0000
    
    

    Travis Casey <efindel@earthlink.net> writes:

    > Tony wrote:
    >
    >> how can i add a user to be able to install and configure apache, mysql
    >> but not make this user root?
    >>
    >> I want the user to be able to download install, and start apache, mysql
    >> with whatever username he/she chooses but do not want to give him/her
    >> root
    >
    > Most Unix software can be set up to install under a user directory, and
    > to run as that user. However, if the user isn't root, he/she won't be
    > able to bind to port 80, so apache will have to be run on another port
    > (>1024).

    Indeed. It's probably advisable in the case of these single-port services
    to use DNAT in iptables to kick port 80 up to a local high port instead;
    alternatively, you could use an existing apache or squid instance on port
    80 proxy-passing traffic for different sites back to different high ports
    where each user's apache (or other webserver of choice) listens.

    ~Tim

    -- 
      09:10:13 up 139 days, 10:50,  6 users,  load average: 0.01, 0.10, 0.05
    piglet@stirfried.vegetable.org.uk |And your radiance shines
    http://piglet.is.dreaming.org     |Like the moon of all innocent grace
    



    Relevant Pages

    • Re: Hardening a Solaris system.
      ... > I know files that execute with root permissions by normal users (e.g. ... > I've set up a web server, running Apache, so are thinking about what I ... thing to leave enabled in here might be a backup port. ... there are security steps here. ...
      (comp.unix.solaris)
    • Re: Hardening a Solaris system.
      ... > I know files that execute with root permissions by normal users (e.g. ... > I've set up a web server, running Apache, so are thinking about what I ... thing to leave enabled in here might be a backup port. ... there are security steps here. ...
      (comp.security.unix)
    • Re: Screensaver takes too much time to fade-out...
      ... but I design security protocols (e.g. co-chaired IPsec, author of HIP, ... install is NOT as bad as say XP install where you can get owned DURING ... update" as root. ... I would have say, port 1000 locally forwarded via firewall to port 22, ...
      (Fedora)
    • Re: Screensaver takes too much time to fade-out...
      ... but I design security protocols (e.g. co-chaired IPsec, author of HIP, ... install is NOT as bad as say XP install where you can get owned DURING ... update" as root. ... I would have say, port 1000 locally forwarded via firewall to port 22, ...
      (Fedora)
    • Re: Help! Upgrade from fbsd 5.4 to 8.x
      ... mysql databases, mailing lists, and a dozen hand rolled applications. ... Realize that things like apache, mysql etc. will have changed since the 5.4 ... I use some perl scripts so check if e.g. a port or system has caused ... the only thing you need to do is to install the misc/compat5x port. ...
      (freebsd-questions)