tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: [POLL] Finer-grained "manager" user-access privileges?
Date Fri, 08 Jun 2012 17:02:26 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/06/2012 19:37, Christopher Schultz wrote:
> All,
> 
> I was just answering a question on StackOverflow[1] about limiting
> the operations a particular user could perform when using the
> manager app (e.g. deploy, undeploy, start, stop, etc.).
> 
> It seems to me that this has come up on the users' list once or
> twice in the past, and it wouldn't be a big deal to support this
> kind of thing right out of the box by just defining a number of
> additional roles such as:
> 
> manager-gui-deploy manager-gui-undeploy manager-gui-start etc.
> 
> Is there any interest in doing something like this? My general
> feeling is that manager access should either be allowed read-only
> (which is covered by the "manager-status" role) or full read/write
> (which is covered by the "manager-gui" and "manager-sript" roles)
> because hey, you should trust your managers or fire them ;)

+1. I'm not a fan of making things more complicated by default. There
is plenty that can be done via additional configuration if desired.

Mark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP0jAiAAoJEBDAHFovYFnntA8P/3Wruj3s9T4ERK95RD+8o5lD
qjhn38VXZj/a1mj13VGpzmh4GUfEeiMuAN4g3PparqB3uYTost7245wfFRhJgmx2
c5bQCFJHXxLgYZ3AxZGqEoXmc5V1cBUvgRdBYcaXdz6h8A3yTi6JLF+xfh0tHce9
nYM2rS79zCy1NbveLFKzTB70wjU34zhlE9m5maKF6JJD+Y2Sasws+OJfmriuyZ1p
q9NWCn32U/wLQkDcD7Q1f7zaxWLMMTZvGuuKECwWnHJ/QrT6At65ZYyQdO67/2Lh
vax2EsqR9eYqxwoZNoKMNVRRjj0qLUv4B6LxVKH75oZCphyCZrHbsexMWrM7fCTV
oEjbJ6RSua41npxVRBVKPDxUlauyDpN1wwkRw3fO2bQYFB39T6bgRM4JP+Gu1i61
fLxF06sPGcK6e66rlvd3czL45z9R/5Os7TQ/gFXkhsUaQNIAmBB0JFEIV1wqs8a4
6DBWvxveQCQwcYb2vP3st2PnpZg04O6vH7h91JQC2+Cj3K3zxxO2yt12l8Hhzy2R
MCEuOUeHJq5iDBuHay14su/hl1nDeZWR4tpOgZUYj6jSdQz1tlrKRz0A1cO3oMj4
hlR8UohnEpLn/drwIyFUuZr4/7DIrB5yFUh78um/qlMN9xfwXpSavzhrP/83jUPS
nD38ZvY1bjXwOHTcMhQA
=wLL6
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message