Authorizing users to deploy own apps, while protecting other's apps.

[DanielSwan]

I'm a Unix SA that has been asked to setup tomcat for our developers. I've got Tomcat setup and running, and have sucessfully deployed a single .war file. Having gotten that far, I want to secure things.

There are several different application-groups that wish to use Tomcat, each with several different web-apps that they will wish to redeploy regularly.

How do I set up tomcat so that separate teams have sufficient access to deploy their own applications, yet not have sufficient access to undeploy (or otherwise interfere with other applications.)

Any help appreciated,
Dan.

 

[sedj]

I'm guessing this is a non-live system ...

Do you really distrust your developers, in a development environment, that you fear they will 'interfere' with other webapps ?

--------------------------------------------------
Free Java/J2EE Database Connection Pooling Software

http://www.primrose.org.uk

 

[DanielSwan]

Sedj, I don't know what you mean by "Non-live". It is a development server that a community of developers depend on to do their work.

It is not a matter of "Distrusting developers", it is a matter of access control and security.

Did you have any helpful advice to offer?

 

[sedj]

non-live means a "not live", "not in production" or "not viewable, or usuable by an group of people that are not developing the application".

It is not a matter of "Distrusting developers", it is a matter of access control and security.

I'm sorry, but my definition of a security requirement is to stop people trying to do something you do not wish them to do, where they have a malicious intent.

If it is a dev server, then I ask again .... do you really think that other developers will be trying to maliciously interfere with other developer's webapps ?

Did you have any helpful advice to offer?

Well I reckon I already have - perhaps a lesson in trust though, not a technical suggestion.
Though, if you REALLY do not trust people ... then you could create a bunch of CATALINA_BASE environments, each with a specific OS user, with locked down permissions, so they can do what they want in their own env.




--------------------------------------------------
Free Java/J2EE Database Connection Pooling Software

http://www.primrose.org.uk

 

[DanielSwan]

Sedj, no one is accusing you, or your fellow developers of malicious conduct or intent. It seems intuitive to me that there's a professional obligation to protect the integrity of user's data, and grant access on an as-needed basis.

Obviously, there is a great cultural, subcultural, and corporatecultural gap between you and I.

If I were a developer, I would not want developers not on my team having indicriminate access to read, impact, or change my work.

In any case, your suggestion on "separate catalina base" environments is at least a little useful, and points me in the direction of which TFM to R.

Much moreso than misguided lessons in "Trust", at least.