Installing Bedework: Difference between revisions

From Motorcycle Action Group Wiki
Jump to navigation Jump to search
(Created page with "== Privilege Separation == Bedework comes as an all in one self contained system in the style of the old school Unix days. However, given the large number of moving parts, th...")
 
No edit summary
Line 2: Line 2:


Bedework comes as an all in one self contained system in the style of the old school Unix days. However, given the large number of moving parts, this isn't a bad plan. In order to prevent any other processes using anything in the bedework zone of operations, and vice versa, bedework has it's own user account and group, the files all go in the bedework home directory, to which only the bedework user has access.
Bedework comes as an all in one self contained system in the style of the old school Unix days. However, given the large number of moving parts, this isn't a bad plan. In order to prevent any other processes using anything in the bedework zone of operations, and vice versa, bedework has it's own user account and group, the files all go in the bedework home directory, to which only the bedework user has access.
== Create Group and User ==


Create the group
Create the group

Revision as of 00:46, 4 December 2015

Privilege Separation

Bedework comes as an all in one self contained system in the style of the old school Unix days. However, given the large number of moving parts, this isn't a bad plan. In order to prevent any other processes using anything in the bedework zone of operations, and vice versa, bedework has it's own user account and group, the files all go in the bedework home directory, to which only the bedework user has access.

Create the group

  # groupadd -r bedework

Find out the gid

  # getent group bedework
  bedework:x:508:

A local system account with a home directory in /var/lib and that gid

  # useradd -r -g 508 -c "Bedework User" -d /var/lib/bedework -m -s /bin/bash bedework

Check the account

  # fgrep bede /etc/passwd
  bedework:x:542:508:Bedework User:/var/lib/bedework:/bin/bash

No need for a password, this user will be accessed either from root, or by ssh key.