tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Eggers <its_toas...@yahoo.com>
Subject Re: [POLL] Finer-grained "manager" user-access privileges?
Date Fri, 08 Jun 2012 17:54:17 GMT
----- Original Message -----

> From: Mark Thomas <markt@apache.org>
> To: Tomcat Users List <users@tomcat.apache.org>
> Cc: 
> Sent: Friday, June 8, 2012 10:02 AM
> Subject: Re: [POLL] Finer-grained "manager" user-access privileges?
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 07/06/2012 19:37, Christopher Schultz wrote:
>>  All,
>> 
>>  I was just answering a question on StackOverflow[1] about limiting
>>  the operations a particular user could perform when using the
>>  manager app (e.g. deploy, undeploy, start, stop, etc.).
>> 
>>  It seems to me that this has come up on the users' list once or
>>  twice in the past, and it wouldn't be a big deal to support this
>>  kind of thing right out of the box by just defining a number of
>>  additional roles such as:
>> 
>>  manager-gui-deploy manager-gui-undeploy manager-gui-start etc.
>> 
>>  Is there any interest in doing something like this? My general
>>  feeling is that manager access should either be allowed read-only
>>  (which is covered by the "manager-status" role) or full 
> read/write
>>  (which is covered by the "manager-gui" and 
> "manager-sript" roles)
>>  because hey, you should trust your managers or fire them ;)
> 
> +1. I'm not a fan of making things more complicated by default. There
> is plenty that can be done via additional configuration if desired.
> 
> Mark


I'm also not seeing a clear use case that couldn't solved by running virtual hosts or separate
Tomcat instances. I'm not one to rain on a person's parade, but I guess in light of additional
configuration complexity, I'd like to see a clear use case that couldn't be solved with the
existing setup plus virtual hosts or multiple Tomcats.

. . . just a beleaguered systems person who likes all boxes to look the same.
/mde/

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message