tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Astrid Wagner <Astrid.Wag...@motorola.com>
Subject Re: running as diff. account
Date Thu, 24 Jul 2003 16:44:01 GMT


John Turner wrote:

>
> You're right, file ownership has nothing to do with run privileges.
>
> Can you clarify what you need?
>
> Is accountB the only account allowed to use rsh?  Or are you saying 
> that you want to use rsh to login into a remote host as accountB, but 
> accountA will launch rsh? 

OK. We allow a certain account "accountB" to be able to rsh on users 
machine with the user's account so
for example we can check their proper installation etc.
Therefore what I want to do is for example have accountB run "rsh -l 
userA userAmachine  'ls /home/userA/someDir'"
The .rhosts file of the users allow that access.
But tomcat as well as all DB related things run as a different account 
"accountA".
So how can I get accountB to run the rsh command?
I hope I did not confuse you too much ?!
Astrid

>
>
> If the latter, then use the "-l" command-line option to rsh to specify 
> the remote host account name to use, just as you would with ssh.
>
> John
>
> Astrid Wagner wrote:
>
>> Hi,
>> Can you detail the second solution a little bit:
>> I can create a shell sript with my rsh system command in it and owned by
>> accountB but it will still run as accountA when called by a servlet, 
>> won't it.
>> I am no unix expert, maybe you have an example.
>> Thanks
>> Astrid
>>
>> Ralph Einfeldt wrote:
>>
>>> There are a couple of solutions that allow you to achive that.
>>>
>>> Which solution is best, depends on your requirements.
>>>
>>> Some solutions that require a wrapper script:
>>> - script that calls rsh by super or sudo or something like that
>>> - script that is owned by accountB and has the setuid bit set
>>>   and calls the rsh command directly
>>>
>>>  
>>>
>>>> -----Original Message-----
>>>> From: Astrid Wagner [mailto:Astrid.Wagner@motorola.com]
>>>> Sent: Thursday, July 24, 2003 3:44 PM
>>>> To: tomcat-user@jakarta.apache.org
>>>> Subject: running as diff. account
>>>>
>>>> E.g All web applications etc. run as "accountA" but my web 
>>>> application needs to call a "rsh" command (via native interface) 
>>>> run as "accountB".
>>>>   
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
>>> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
>>>  
>>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org




---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message