Installing Bedework: Difference between revisions
Revision as of 00:46, 4 December 2015
Privilege Separation
Bedework comes as an all-in-one, self-contained system in the style of the old-school Unix days. Given the large number of moving parts, this isn't a bad plan. To keep other processes out of the Bedework zone of operations, and vice versa, Bedework has its own user account and group, and all of its files go in the bedework home directory, to which only the bedework user has access.
Create the group
# groupadd -r bedework
Find out the gid
# getent group bedework
bedework:x:508:
Create a local system account with a home directory in /var/lib and that gid
# useradd -r -g 508 -c "Bedework User" -d /var/lib/bedework -m -s /bin/bash bedework
Check the account
# fgrep bede /etc/passwd
bedework:x:542:508:Bedework User:/var/lib/bedework:/bin/bash
No password is needed: this user will be accessed either from root or by ssh key.
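The mode of a home directory created by useradd -m depends on the distribution's defaults, so the "only the bedework user has access" claim is worth checking after the steps above. The following audit is an added example, not part of the original page or of Bedework; the function names, the constructed shadow line and the use of GNU stat are assumptions.

```sh
#!/bin/sh
# Added example, not Bedework's own tooling. Sample entries are constructed:
# the passwd/group lines mirror the output above, the shadow line is invented.
SAMPLE_GROUP='bedework:x:508:'
SAMPLE_PASSWD='bedework:x:542:508:Bedework User:/var/lib/bedework:/bin/bash'
SAMPLE_SHADOW='bedework:!!:16773::::::'

# field LINE N: print the Nth colon-separated field of LINE
field() { printf '%s\n' "$1" | cut -d: -f"$2"; }

# account_matches PASSWD_LINE GROUP_LINE HOME_DIR
# True when the account's primary gid is the group's gid and the home matches.
account_matches() {
    [ -n "$1" ] && [ -n "$2" ] || return 1
    [ "$(field "$1" 4)" = "$(field "$2" 3)" ] || return 1
    [ "$(field "$1" 6)" = "$3" ] || return 1
}

# password_locked SHADOW_LINE: true when the hash field starts with ! or *,
# i.e. no password can ever match, so only root or an ssh key gets in.
password_locked() {
    case "$(field "$1" 2)" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# home_is_private DIR OWNER_UID: true when DIR is owned by OWNER_UID and the
# group and other permission digits are both 0 (for example mode 700).
home_is_private() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "$2" ] || return 1   # GNU stat assumed
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_live: run every check against the real system (needs root for shadow).
audit_live() {
    p=$(getent passwd bedework) && g=$(getent group bedework) || return 1
    account_matches "$p" "$g" /var/lib/bedework &&
        password_locked "$(getent shadow bedework)" &&
        home_is_private /var/lib/bedework "$(field "$p" 3)"
}
```

Source the file and run audit_live as root; a non-zero exit status means at least one check failed, and chmod 700 /var/lib/bedework fixes a home directory that is too open.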