Install into user's HOME directory?

On page 86 of the IDM 3.01 install guide for User App, it says that you 
shouldn't login as ROOT to install, but that the install directory goes 
into the user's home directory in the /novell/idm directory.

Now, why would you want to install something into a specific user's home 
directory for server-based software that needs writable access?

Is there a better place to install the User App to?  (/usr or 
something)?

0
m_jonis
1/22/2007 9:45:24 PM
novell.id-manager.userapp 4379 articles. 0 followers. Follow

4 Replies
439 Views

Similar Articles

[PageSpeed] 50

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Why does the software need writeable access?  Except for the logs (and
temporary files for JBoss), perhaps, I'm fairly-sure nothing does (but
I've never researched the need for writing in there personally).

Why install in the user's home directory?  Because the user has access
there by default.  There is a philosophy among most OS's (one noteworthy
exception) that software shouldn't run as a full-power user (root,
administrator, etc.).  The philosophy of least-privilege applies to all
areas of computing including servers and their services.  In this case
the IDM UserApp runs as a non-root user so it doesn't have the ability
to hose the entire system during an error.  Also, should somebody find a
vulnerability in JBoss or MySQL the entire system is not compromised by
the cracker (malicious hacker).  All good things, these are.

So a non-root user usually has the ability to write in its own home
directory (simplicity).  The location doesn't really matter but that's
as sensible a place as any I suppose.  I prefer to create a directory
that is readable by the non-root user under /var/opt/novell/userapp0
personally because I like to have all Novell stuff together but that's
just me and is not typical.

Another good reason is that /home is often partitioned off by default
and could easily be on another hard drive.  Having two drives (one for
most things and the other for the UserApp, including MySQL by default)
could increase performance because read/write operations are not waiting
on other things on the disk unless they are also part of the UserApp.

Anyway, just some ideas.

Good luck.






m_jonis wrote:
> On page 86 of the IDM 3.01 install guide for User App, it says that you 
> shouldn't login as ROOT to install, but that the install directory goes 
> into the user's home directory in the /novell/idm directory.
> 
> Now, why would you want to install something into a specific user's home 
> directory for server-based software that needs writable access?
> 
> Is there a better place to install the User App to?  (/usr or 
> something)?
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtYL37eGRNwWOK9IRAjvOAJ0RnM9AC9Xb38m+agrrQ2WRzknWUQCdGzX1
hUrCdc7s1Ju3aE3+5OvDaBo=
=InC5
-----END PGP SIGNATURE-----
0
ab
1/23/2007 3:37:56 AM
In article <oqfth.5279$Sz4.4086@prv-forum2.provo.novell.com>, 
ab@novell.com says...
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Why does the software need writeable access?  Except for the logs (and
> temporary files for JBoss), perhaps, I'm fairly-sure nothing does (but
> I've never researched the need for writing in there personally).
> 
> Why install in the user's home directory?  Because the user has access
> there by default.  There is a philosophy among most OS's (one noteworthy
> exception) that software shouldn't run as a full-power user (root,
> administrator, etc.).  The philosophy of least-privilege applies to all
> areas of computing including servers and their services.  In this case
> the IDM UserApp runs as a non-root user so it doesn't have the ability
> to hose the entire system during an error.  Also, should somebody find a
> vulnerability in JBoss or MySQL the entire system is not compromised by
> the cracker (malicious hacker).  All good things, these are.
> 
> So a non-root user usually has the ability to write in its own home
> directory (simplicity).  The location doesn't really matter but that's
> as sensible a place as any I suppose.  I prefer to create a directory
> that is readable by the non-root user under /var/opt/novell/userapp0
> personally because I like to have all Novell stuff together but that's
> just me and is not typical.

I guess that's what I meant.  Why put it into a user's home directory 
rather than /var or /usr or something so you can keep everything 
together?

I understand the "don't run as root" and all that, I just found it odd 
that they'd default to the user's home directory to run stuff from 
(server-based stuff).

Like "netware" stuff runs on sys:\system (mostly) rather than making you 
put it onto a specific user's home directory, etc.

So as long as it can be changed and it doesn't break stuff, I'll put it 
along with our other standard things rather than a specific user's home 
directory when it goes into production.

Thanks!
> 
> Another good reason is that /home is often partitioned off by default
> and could easily be on another hard drive.  Having two drives (one for
> most things and the other for the UserApp, including MySQL by default)
> could increase performance because read/write operations are not waiting
> on other things on the disk unless they are also part of the UserApp.
> 
> Anyway, just some ideas.
> 
> Good luck.
> 
> 
> 
> 
> 
> 
> m_jonis wrote:
> > On page 86 of the IDM 3.01 install guide for User App, it says that you 
> > shouldn't login as ROOT to install, but that the install directory goes 
> > into the user's home directory in the /novell/idm directory.
> > 
> > Now, why would you want to install something into a specific user's home 
> > directory for server-based software that needs writable access?
> > 
> > Is there a better place to install the User App to?  (/usr or 
> > something)?
> > 
0
m_jonis
1/23/2007 3:39:40 PM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

NetWare also isn't a multi-user OS (at the console, I mean).  Placement
of the files doesn't matter.

Good luck.





m_jonis wrote:
> In article <oqfth.5279$Sz4.4086@prv-forum2.provo.novell.com>, 
> ab@novell.com says...
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Why does the software need writeable access?  Except for the logs (and
>> temporary files for JBoss), perhaps, I'm fairly-sure nothing does (but
>> I've never researched the need for writing in there personally).
>>
>> Why install in the user's home directory?  Because the user has access
>> there by default.  There is a philosophy among most OS's (one noteworthy
>> exception) that software shouldn't run as a full-power user (root,
>> administrator, etc.).  The philosophy of least-privilege applies to all
>> areas of computing including servers and their services.  In this case
>> the IDM UserApp runs as a non-root user so it doesn't have the ability
>> to hose the entire system during an error.  Also, should somebody find a
>> vulnerability in JBoss or MySQL the entire system is not compromised by
>> the cracker (malicious hacker).  All good things, these are.
>>
>> So a non-root user usually has the ability to write in its own home
>> directory (simplicity).  The location doesn't really matter but that's
>> as sensible a place as any I suppose.  I prefer to create a directory
>> that is readable by the non-root user under /var/opt/novell/userapp0
>> personally because I like to have all Novell stuff together but that's
>> just me and is not typical.
> 
> I guess that's what I meant.  Why put it into a user's home directory 
> rather than /var or /usr or something so you can keep everything 
> together?
> 
> I understand the "don't run as root" and all that, I just found it odd 
> that they'd default to the user's home directory to run stuff from 
> (server-based stuff).
> 
> Like "netware" stuff runs on sys:\system (mostly) rather than making you 
> put it onto a specific user's home directory, etc.
> 
> So as long as it can be changed and it doesn't break stuff, I'll put it 
> along with our other standard things rather than a specific user's home 
> directory when it goes into production.
> 
> Thanks!
>> Another good reason is that /home is often partitioned off by default
>> and could easily be on another hard drive.  Having two drives (one for
>> most things and the other for the UserApp, including MySQL by default)
>> could increase performance because read/write operations are not waiting
>> on other things on the disk unless they are also part of the UserApp.
>>
>> Anyway, just some ideas.
>>
>> Good luck.
>>
>>
>>
>>
>>
>>
>> m_jonis wrote:
>>> On page 86 of the IDM 3.01 install guide for User App, it says that you 
>>> shouldn't login as ROOT to install, but that the install directory goes 
>>> into the user's home directory in the /novell/idm directory.
>>>
>>> Now, why would you want to install something into a specific user's home 
>>> directory for server-based software that needs writable access?
>>>
>>> Is there a better place to install the User App to?  (/usr or 
>>> something)?
>>>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFtsQ07eGRNwWOK9IRAnKfAJ9xL28Kq+7V8J/0gavvWHvMJtwzgACeKX5r
9HFdnd+AOcYUuMMMSLLbDNo=
=Th4W
-----END PGP SIGNATURE-----
0
ab
1/24/2007 2:28:33 AM
FYI, the next version will not install into
user home directory , due to customer feedback.
-dan denton

> On page 86 of the IDM 3.01 install guide for User App, it says that you 
> shouldn't login as ROOT to install, but that the install directory goes 
> into the user's home directory in the /novell/idm directory.
> 
> Now, why would you want to install something into a specific user's 
home 
> directory for server-based software that needs writable access?
> 
> Is there a better place to install the User App to?  (/usr or 
> something)?
> 

0
DKDenton
1/29/2007 6:28:54 PM
Reply:

Similar Artilces:

Re-associate User ID's with Home Directories
Hello all, When our main server crashed, we had to restore from backup. All the volumes containing our users files were restored back into their original location and server was given the same name, but our users have lost the association between their account and home directory. We started to manually go through and re-associate the directories with the users on ConsoleOne, but this would take days. Is there a tool that could perform a batch operation for such a task? The User ID is the same as the folder name. Thanks in advance, Tim Williams If it were me, I'd...

Send Message to user's Skype' id ,MSN' Id ,Yahoo'sID or Gmail ID.
hi, i m writing a application in which i have to notify the user to his Skype' id ,MSN' Id ,Yahoo'sID or Gmail ID. Please let me know the code usign C#   Thanks Tulika. hi, what do you want to do...i mean....do you wnat to send email's or do you want to send message to the messenger. thanks, rajiv hi i want to send IM messages to online and offline users not Email. Please help me....

how to change a user's mailbox but keep the user's GW id
We have a user whose email has a space between her first name and middle name, which cause the problem in sending out email or receive email from the outside the network. Can someone advise how and where I suppose to change her email name to a valid name like firstname.middlename.lastname@xxx.com from firstname middle.lastname@xxx.com? Thank you very much! On Tue, 23 Oct 2007 15:27:51 +0000, April wrote: Duplicate. -- Joe Marton Novell Support Forum SysOp Novell does not officially monitor these forums! Use the Internet override - in ConsoleOne, GroupWise Tab, Inte...

Automatically make directories in user's home directory
How can I do this? Basically I want the equivalent of /etc/skel on linux to happen on my netware box. Specifically what I am wanting is a Favorites folder and a Desktop folder made in their home directory so I can use folder redirection to point those portions of their profiles to there. I do not want to hand make these folders in every new user's home directory. Thanks! Adam I see that those mirectories are made automatically. Although I would still be interested to know if there is some way to do an equivalent to /etc/skel because I can see that being usefull. T...

changes made from one user's webpart's page, effects all user's
 I am just doing this offline right now in Visual Web Developer Express 2008I created the login inonce in the memberpage area, people can modify their webpart page. I created several users to test this out.  I loaded it in a browser.When I make changes as logged in user "A" .  Then logout and login as user "B", user "B,s" webpart page has been changed to user "A".This goes true for whomever I log in as.  It changes for everyone.Is there something specific I need to do in order to get everyone's changes to be unique for them...

Accessing a user's home directory
Hello, I'm building a xulrunner application, and I have a need to store/ access files in a user's home directory; that is, the application may be installed system-wide, but each user will be able to store/access their own files with it. How do I reference the user's home directory in a platform-agnostic way? Thanks! John On 06/02/2007 00:46 (CET), john wrote: > Hello, > > I'm building a xulrunner application, and I have a need to store/ > access files in a user's home directory; that is, the application may > be installed system-wide...

Securing or encrypting a user's home directory
Does anyone have any experience or recommendations with products that could encrypt a user's home directory entirely, where by they would unlock it upon logging into the tree? Maybe something that integrates into the Novell client. We use NetWare 6.5 file servers but are headed towards OES2 Thanks! -- dsmi87dgf ------------------------------------------------------------------------ ...

Moving user's home directories to NSS partition
Hi all! Can I move/change my user's home directories to a NSS partition? I need to setup the user home directory when create user account, using \\server\volume at the user home directory field, in iManager. Can I do this? Anybody here has some information about? Tks, Best regards... Alan Cota. On Tue, 01 Aug 2006 00:17:54 +0000, Alan Cota wrote: Sure any user residing in eDirectory can have their home directory residing on an NSS volume, no problem. Just treat it the same way as if the volume had resided on a NetWare server. -- ___________________________...

NXserver, No .Xauthority file in user's home directory
Been trying to get nxserver running on 11.2 i386 at location A and keep getting an error on connecting from client at location B. Code: -------------------- NX> 203 NXSSH running with pid: 6439 NX> 285 Enabling check on switch command NX> 285 Enabling skip of SSH config files NX> 285 Setting the preferred NX options NX> 200 Connected to address: 72.4.183.23 on port: 22 NX> 202 Authenticating user: nx NX> 208 Using auth method: publickey /usr/bin/xauth: /usr/NX/home/nx/.Xauthority not writable, changes will be ignored HELLO NXSERVE...

Can you move User's Home Directories by Hand?
I have a need to move about 200 user's home directories from a NW5.0 server to and NW6.5 server. I was going to do it this weekend. I was searching around on Deja.com and it seems a lot of people pay a bundle to get a utility to do it. Is there anything wrong with just copying the directories from one server to another and then editing the user objects through console1 and changing it to the new loc? Obviously it will take some time, but is there any actual reason or danger invovled in just doing it this way? Thanks for your help. Hopefully, I can get it done this wee...

ifolder 2.1 and user's Home directory
Is it possible to have ifolder point to the user's H:drive? I think it would be much easier to maintain. Also easier on the users they would not have to track 2 sets of files. I know this was not available on previous versions. Can someone let me know if its been added or how to do it? Thank you. , > Is it possible to have ifolder point to the user's H:drive? I think it > would be much easier to maintain. Also easier on the users they would not > have to track 2 sets of files. I know this was not available on previous > versions. Can someone let me know i...

Boot partition's full (whoops), how do I install app's to my home partition now?
Hey, When I loaded opensuse 11.3 for the first time, I used the automatic partitioner and have been loading app's onto my ~8GB boot partition, and now that it's full, I have ~15 GB free on my home partition and need to install a few more app's to get my laptop fully functional. Is there a way (other than copying the boot partition to the home partition and then repartitioning, copying again to the repartitioned drive, and then recopying again to the freed up space) to get the new app's I install to redirect to my home partition? Thanks in advance for the help (pwweee...

User's home directory saved in Samba server not locally
Hi guys, Continuing with my assigned task of migrating the company's PCs to GNU/Linux ('openSUSE as server for GNU/Linux clients' (http://tinyurl.com/5sqzjl7)) I managed to set up a DC with roaming profiles for the few remaining Windows users, user validation and login for the openSUSE boxes and a few network shares with different rights. I know there are no roaming profiles for GNU/Linux and I can live with that but I would like to specify wich users/groups would have their home directories saved locally (notebook users) and which will save them on the Samba server...

Unable to access user control's user control's function\property from another user control
Hi, I used to call an user control's user control function as stated below from my user control in ASP.Net 1.1 wucCompany.wucEmployee.GetEmployeeSomething() After migrating to ASP.Net 2.0, I am unable to use any properties/functions(even the public ones) of the user control's User control's from another user control.  The way I have to do is create property\function in wucCompany which calls the wucEmployee's property\function and call the wucDepartment.GetEmployeeSomething().Since I need to do this change in too many places, I can...

Web resources about - Install into user's HOME directory? - novell.id-manager.userapp

Resources last updated: 11/30/2015 4:37:51 AM