[Glass] How to apply proper file permissions and don't fail?
James Foster
james.foster at gemtalksystems.com
Thu Nov 28 10:55:56 PST 2013
On Nov 28, 2013, at 5:04 PM, Mariano Martinez Peck <marianopeck at gmail.com> wrote:
> In my current setup (before GemStone, that is, Pharo app), I have 2 things: lots of folders and files that my app must access/write. Those files are under a permission of user AppX.
> Then my Pharo image is also started with the AppX user.
>
> Now when I installed GemStone, I realized I installed it using the "marianopeck" user. So the first thing I should do is to re-install GemStone and use AppX. Right?
I guess. Or you could muck with your permissions and groups so that the GemStone user (‘marianopeck’) has read/write access to the files and folders in question.
> Second question is if GemStone could be installed and run with a normal (non-sudo access) user. Is that possible? (I mean everything: starting GemStone, NetLDI, etc.)
Yes, this is the way I typically run. I believe that the only reason to ever install GemStone as root is if you want to be able to have NetLDI start Gem processes as another OS user (only root can do this). If you remember to start NetLDI in guest mode with the current user (-g -a $USER), then you can run as whatever user you like and all the Gems will be run as that user.
> If true, I guess I just need to previously create /opt/gemstone and give access to it (so that I can use installGemStone.sh). And then run installGemStone.sh with the AppX user?
>
> Finally, I was reading the sysadmin guide, and there is a section "To Set File Permissions for the Server" which recommends having 2 types of users: gsadmin and gsgroup. Then there is also "To Set Ownership and Permissions for Session Processes". So... those sections fired up this thread.
That section of the System Administration Guide gives a good description of how to provide the best-possible security and makes sense if you have a host that is being shared by many people and runs many different applications. If you have a machine dedicated to GemStone with only one account and it is used to run everything GemStone related, then there is little reason to protect the GemStone files and resources from other users.
James
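
Added example, not part of the original message: if you take the "permissions and groups" route mentioned above, this check lists the files and folders under an application directory that a shared group could not read and write. The function names, and the directory and group you pass in, are assumptions; it looks at group owner and mode bits only, not ACLs.

```sh
#!/bin/sh
# Added example, not from the thread. audit_group_access and
# group_access_ok are hypothetical helper names; the directory and group
# passed in are whatever your application uses.

# Print every directory or regular file under $1 that members of group $2
# could not both read and write, going by group owner and mode bits.
# Directories need group rwx (070): x to traverse, w to create files.
# Regular files need group rw (060).
audit_group_access() {
    dir=$1
    grp=$2
    find "$dir" \( \
        \( -type d \( ! -group "$grp" -o ! -perm -070 \) \) -o \
        \( -type f \( ! -group "$grp" -o ! -perm -060 \) \) \
    \) -print
}

# Succeeds only when nothing is reported, so it can gate a start script.
group_access_ok() {
    [ -z "$(audit_group_access "$1" "$2")" ]
}
```

Run it as the account that will start the Gems, against the folder the application writes to, before starting NetLDI.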