Discussion:
[Mojolicious] Executing tasks in the backend ?
Luc Larochelle
2018-11-07 19:18:33 UTC
Permalink
Hi Everyone,

Given that application X is owned by it's generic user (userX) and that a
Webapp is owned by another generic user(Y), what's the best way to share
permissions between the users so that application X can be called by a a
request to the WebApp ?

Also, is it a good thing to separate applications from the Webapp in
distinct users , or should it all be part of a whole ?

Your advice and comments will be very appreciated.

Cheers,

Luc
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Stefan Adams
2018-11-08 03:19:49 UTC
Permalink
Post by Luc Larochelle
Hi Everyone,
Given that application X is owned by it's generic user (userX) and that a
Webapp is owned by another generic user(Y), what's the best way to share
permissions between the users so that application X can be called by a a
request to the WebApp ?
Is the primary question about the best way to handle permissions between
two users? IMO, either put both users in the same group, or use extended
ACLs <https://wiki.archlinux.org/index.php/Access_Control_Lists>. I used
to use them quite a bit when I managed file servers with Samba and it was
great!
Post by Luc Larochelle
Also, is it a good thing to separate applications from the Webapp in
distinct users , or should it all be part of a whole ?
I think the general rule of thumb is separations are good, but of course
you need something in place to allow exchange of information. ACLs work.
Other things could work, too. But ACLs proly easiest. Best answer proly
depends on a lot...

The objective to what you're asking, of course, is if one of your systems
gets hacked, the other shouldn't be affected. If the system A gets hacked
with user A, system B with user B will be "protected". Is system A and
system B both use user C, a breach of system A *or* system B would effect
the other.
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Luc Larochelle
2018-11-08 19:42:10 UTC
Permalink
Thanks for replying. So it's the never ending story of permissions, facl,
groups, security concepts ... I prefer coding !

I'm using group permissions to have the WebApp user execute a program from
another user. So far so good, but not perfect. I even tried to play with
the visudo config, but this got complicated ...

Luc
Post by Stefan Adams
Post by Luc Larochelle
Hi Everyone,
Given that application X is owned by it's generic user (userX) and that a
Webapp is owned by another generic user(Y), what's the best way to share
permissions between the users so that application X can be called by a a
request to the WebApp ?
Is the primary question about the best way to handle permissions between
two users? IMO, either put both users in the same group, or use extended
ACLs <https://wiki.archlinux.org/index.php/Access_Control_Lists>. I used
to use them quite a bit when I managed file servers with Samba and it was
great!
Post by Luc Larochelle
Also, is it a good thing to separate applications from the Webapp in
distinct users , or should it all be part of a whole ?
I think the general rule of thumb is separations are good, but of course
you need something in place to allow exchange of information. ACLs work.
Other things could work, too. But ACLs proly easiest. Best answer proly
depends on a lot...
The objective to what you're asking, of course, is if one of your systems
gets hacked, the other shouldn't be affected. If the system A gets hacked
with user A, system B with user B will be "protected". Is system A and
system B both use user C, a breach of system A *or* system B would effect
the other.
--
You received this message because you are subscribed to the Google Groups "Mojolicious" group.
To unsubscribe from this group and stop receiving emails from it, send an email to mojolicious+***@googlegroups.com.
To post to this group, send email to ***@googlegroups.com.
Visit this group at https://groups.google.com/group/mojolicious.
For more options, visit https://groups.google.com/d/optout.
Loading...