(well, sudo lets you limit it, but a mistake can be fatal—consider what happens
if you let them run a program that lets them escape to a shell). So, for example,
if you want to let the Web services group install and maintain JBoss, but you
don't want them to mess with any standard software on the system, then create
a separate place for nonsystem software.
Two common places for such software on Linux systems are /opt and
/usr/local. We tend to use /usr/local mainly because this is the default
path on an awful lot of software that uses autoconf to handle cross-platform
compilation (it is used by the majority of Free Software programs, but
exceptions include what are arguably the four most widely used Free Software
packages: the Linux kernel, the Apache Web server, the Perl language, and
XFree86). So we are going to install JBoss under /usr/local and we are going
to give a number of users the power to install and manage software in
/usr/local.
You will need to be root to carry out this procedure. Here are the
steps—but don't worry, we'll pad them out with a lot of ponderous
explanation:
1. Create the group.
Groups are defined in the file /etc/group. Each line in that file
defines a group. Each line is of the form:

    GroupName:x:GroupID:GroupMembers

GroupName is the name of the group. It is the group name that shows
up in long form ls output. The second field is for the group's password.
If we may confess, we don't know if this feature works anymore. You used
to be able to specify a group password, but this defeats the whole purpose
of not sharing passwords. Sharing passwords is a security risk. Don't do
it. The third field is the group ID number. Remember that files have
owning users and owning groups. These are both stored as numbers. User
numbers are known as uids and group numbers as gids. These numbers
should be unique. If you reuse a number for more than one group, the
effect could be indeterminate, since it would depend on how a given
program was written. Don't reuse numbers. The final column is a
comma-delimited list of user names. Those named users are said to belong to the
group. We'll talk some more about what that means as we go on.
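
The rules above (four colon-separated fields, no shared group password, no
reused group ID) can be checked mechanically before and after you edit the
file. The following shell function is an added example, not code from the
book; the names audit_group_file and sample_group and the sample entries are
constructed for illustration.

```shell
#!/bin/sh
# Audit a file in the GroupName:x:GroupID:GroupMembers format.
# Reads the named file(s), or standard input if none is given.
# Prints one finding per line and prints nothing for a clean file.
audit_group_file() {
    awk -F: '
        $0 == "" { next }                       # ignore empty lines
        NF != 4 {
            printf "line %d: expected 4 fields, found %d\n", NR, NF
            next
        }
        {
            name = $1; pw = $2; gid = $3
            # Anything other than the usual placeholders in field 2 means
            # a group password hash is stored there, i.e. a shared secret.
            if (pw != "x" && pw != "" && pw != "*" && pw != "!")
                printf "line %d: group %s has a password in field 2\n", NR, name
            if (gid !~ /^[0-9]+$/)
                printf "line %d: group %s has non-numeric GID \"%s\"\n", NR, name, gid
            else if (gid in seen_gid)
                printf "line %d: GID %s of %s is already used by %s\n", NR, gid, name, seen_gid[gid]
            else
                seen_gid[gid] = name
            if (name in seen_name)
                printf "line %d: group name %s is defined twice\n", NR, name
            seen_name[name] = 1
        }
    ' "$@"
}

# Constructed sample input: jboss reuses webadmin's GID, and legacy
# carries a made-up password string in the second field.
sample_group() {
    cat <<'EOF'
root:x:0:
webadmin:x:1001:alice,bob
jboss:x:1001:carol
legacy:ab12CDefGhIjk:1002:dave
EOF
}

# Demo on the constructed sample; on a real system: audit_group_file /etc/group
sample_group | audit_group_file
```
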