Shell Access Permission and NGASI AppServer Manager - Linux
In Linux, a user must have shell access permission to set environment variables. If a user wants to run Java and an application server under his own ownership (a private JVM), he must set environment variables such as JAVA_HOME, CATALINA_BASE, etc. For this reason, a user who wants to run a private JVM must be assigned a shell other than /sbin/nologin (in cPanel, other than /usr/local/cpanel/bin/nologin); he must be assigned a shell like /bin/bash or /bin/sh.

NGASI AppServer Manager is a control panel used for running a private JVM for each user. It can be used as an add-on with cPanel/WHM, and a cPanel/WHM user can be given permission to run a private JVM through it. But to run a private JVM, the cPanel/WHM user must have shell access permission enabled (this assigns the /bin/bash shell to the user, so that NGASI AppServer Manager can set environment variables for that user).

Here comes the security issue: if a user has shell access permission (is assigned a shell like /bin/bash), he can log in to the server through SSH.

The solution: since shell access is needed only for an internal process (setting environment variables), remote access through SSH can be disabled by editing the sshd server configuration file (/etc/ssh/sshd_config) and adding an entry like AllowUsers root (this allows only root to log in through SSH). A user, even though assigned the /bin/bash shell, then cannot access the server remotely.

Note: In a cPanel-based shared JVM environment, the JVM runs under the user tomcat. The user tomcat is assigned the /bin/bash shell (we can see this by opening the file /etc/passwd), so we must make sure that the user tomcat cannot be accessed remotely through SSH, to avoid security issues.
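
The check described above, as an added example that is not part of the original post: it lists every account that has a login shell in a passwd file and would also be accepted by sshd under the AllowUsers entries of an sshd_config file. The function names and the sample files are constructed for illustration, and only global AllowUsers lines are read (DenyUsers, AllowGroups, Match blocks, Include files and negated patterns are not evaluated).

```sh
#!/bin/sh
# Added example: which accounts have a login shell AND are accepted by sshd?
# Assumption: only global AllowUsers lines matter; other sshd access
# directives (DenyUsers, AllowGroups, Match, Include) are not evaluated.

# Print the AllowUsers patterns from the global section of sshd_config ($1).
allow_patterns() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "allowusers" {
             for (i = 2; i <= NF && $i !~ /^#/; i++) print $i
         }' "$1"
}

# Exit 0 if user $1 matches a pattern in list $2. An empty list means no
# AllowUsers directive, and sshd then accepts every user.
ssh_allowed() (
    set -f                              # keep "*" from expanding to file names
    [ -n "$2" ] || exit 0
    for pat in $2; do
        case "$1" in ${pat%%@*}) exit 0 ;; esac   # USER@HOST: compare USER only
    done
    exit 1
)

# Print "user shell" for each account in passwd file $1 that has a login
# shell and is accepted by the sshd_config file $2.
ssh_reachable_accounts() {
    patterns=$(allow_patterns "$2")
    awk -F: '$7 !~ /(nologin|false)$/ { print $1, ($7 == "" ? "/bin/sh" : $7) }' "$1" |
    while read -r user shell; do
        if ssh_allowed "$user" "$patterns"; then echo "$user $shell"; fi
    done
}

# Constructed sample data: a cPanel-style passwd file and two sshd configs.
make_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'tomcat:x:91:91:Tomcat:/opt/tomcat:/bin/bash' \
        'alice:x:501:501::/home/alice:/bin/bash' \
        'bob:x:502:502::/home/bob:/usr/local/cpanel/bin/nologin' > "$1/passwd"
    printf '%s\n' 'Port 22' '#AllowUsers root' > "$1/sshd_config.before"
    printf '%s\n' 'Port 22' 'AllowUsers root' > "$1/sshd_config.after"
}

dir=$(mktemp -d) && make_samples "$dir"
echo "before:"; ssh_reachable_accounts "$dir/passwd" "$dir/sshd_config.before"
echo "after:";  ssh_reachable_accounts "$dir/passwd" "$dir/sshd_config.after"
rm -rf "$dir"
```

On a real server the same function can be pointed at /etc/passwd and /etc/ssh/sshd_config; `sshd -t` checks the edited configuration for errors before the daemon is reloaded.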
By Selva, on 2009-02-10