activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Tully <gary.tu...@gmail.com>
Subject Re: World-writable KahaDB files?
Date Wed, 02 May 2012 22:40:20 GMT
You can change the perms to be more restrictive so long as the user id
of the broker java process can access them.

it makes total sense to have a specific user identity to run the
broker and restrict access to just that user for the data directory.

There is some support for this in the current activemq script on
trunk. See the ACTIVEMQ_USER env property.

On 2 May 2012 17:09, justintime <justin@techadvise.com> wrote:
> It really makes me nervous knowing that anyone with any filesystem access to
> my ActiveMQ machine can delete, overwrite, or corrupt my KahaDB files.
> While we as users should do our best to secure our servers, I don't see why
> 666 perms are needed on the db files and 777 perms are needed on the parent
> directories.
>
> Is there a reason why they are created this way by ActiveMQ?  Is there a way
> to restrict those permissions to something a little more restrictive without
> compromising functionality?
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/World-writable-KahaDB-files-tp4603663.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.



-- 
http://fusesource.com
http://blog.garytully.com

Mime
View raw message