Hi Harald,
Thank you so much for guiding me to the correct path and letting me know how to move on and learn more from you. Indeed, I am a developer, not an admin. That's a good question for the heads of my company: why is there no admin to manage the server in our company? Anyway, this cannot be controlled by me. I am a developer leader and just want to make sure my team members do the correct things on the server. I really like Linux, especially CentOS, and I want to learn more from you. Thank you again.
Best Regards.
On 08/09/2012 03:14 AM, Reindl Harald wrote:
On 08.08.2012 21:07, Heng Su wrote:
OK, assuming there is a JBoss application server running under user 'jboss' on the PRD server, and we have 4 developers who want to update the jar file on that server.
look in the manuals for sftp / chroot and bind-mounts
They always log in using the same user 'jboss' to update files on the server. How can I tell which guy did what to cause the server to go down, as they use the same user account 'jboss'?
WHY do they use the same account?
So I don't know what I should do, as I am a shoddy server admin, so I use root to maintain the application server, then create 4 accounts on the server for the individual developers. So if they want to copy, move or do other operations on those deploy folders or files, let them use sudo. Now I got all the commands they ran in /var/log/secure
a DEVELOPER has not to get sudo or even any shell to update any files - never, really never
they have only to update files and if needed get WEB-APPLICATIONS with cron-jobs behind to call CAREFULLY DEFINED specific commands
if you give different people sudo/root permissions because you are missing the knowledge how to maintain a server in a secure way you are the wrong person with the wrong job
how comes that you ignore all the security-news at least of the recent two years? how comes that there is nobody in your company with the knowledge an admin needs?
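
The thread turns on attributing changes to individual people rather than to the shared 'jboss' account. As an added example (not part of the original messages), the following sketch groups sudo entries of the kind found in /var/log/secure by the invoking user; the log lines, host name and user names are constructed, and the usual sudo syslog layout is assumed.

```python
import re
from collections import defaultdict

# Constructed sample in the usual sudo syslog layout; host and user names are made up.
SAMPLE_LOG = """\
Aug  8 20:41:12 prd01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=jboss ; COMMAND=/bin/cp app-1.2.jar /opt/jboss/deploy/app.jar
Aug  8 20:43:57 prd01 sshd[2210]: Accepted publickey for bob from 10.0.0.7 port 50122 ssh2
Aug  8 20:44:30 prd01 sudo:      bob : TTY=pts/1 ; PWD=/opt/jboss/deploy ; USER=jboss ; COMMAND=/bin/rm old.jar
Aug  8 20:45:02 prd01 sudo:    carol : command not allowed ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/bash
Aug  8 20:50:19 prd01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=jboss ; COMMAND=/bin/mv /opt/jboss/deploy/app.jar /tmp/
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssudo(?:\[\d+\])?:\s+"
    r"(?P<invoker>\S+)\s:\s(?P<fields>.*)$"
)

def parse_sudo_line(line):
    """Return one sudo event as a dict, or None for non-sudo lines."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    # COMMAND= is the last field and may contain ";" itself, so cut it off first.
    head, sep, command = m["fields"].partition("COMMAND=")
    if not sep:
        return None  # e.g. PAM session lines logged under the sudo tag
    event = {"ts": m["ts"], "host": m["host"], "invoker": m["invoker"],
             "command": command.strip(), "denied": False}
    for part in filter(None, (p.strip() for p in head.split(";"))):
        key, eq, value = part.partition("=")
        if eq:
            event[key.strip().lower()] = value.strip()  # tty, pwd, user (run-as account)
        else:
            event["denied"], event["reason"] = True, part  # e.g. "command not allowed"
    return event

def commands_by_invoker(log_text):
    """Group sudo events by the person who ran them, not by the run-as account."""
    grouped = defaultdict(list)
    for line in log_text.splitlines():
        event = parse_sudo_line(line)
        if event:
            grouped[event["invoker"]].append(event)
    return dict(grouped)

if __name__ == "__main__":
    for who, events in sorted(commands_by_invoker(SAMPLE_LOG).items()):
        for e in events:
            flag = "DENIED " if e["denied"] else ""
            print(f'{e["ts"]} {who} -> {e["user"]}: {flag}{e["command"]}')
```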