My current situation:
- company with AD infrastructure
- at least 3 Linux application servers (SLES11) under consideration
- no AD logins for linux
- on each exists one local user
- every developer uses this user to check out source code, make temporary modifications, or start/stop services
So the problems I see:
- the advantages of the existing AD infrastructure are disregarded
- weak password for this local user
- no password policy for local linux users
- local user stays the same even after external colleagues
- at least no access control, because the user/password has existed for years
To improve security I thought about connecting the Linux servers to AD. I got it to work and whitelisted just a specific AD group to log in. So every developer in this group has their own user on the server. I thought about changing the former local user into a service user for the application processes, so nobody can log in with this user anymore.
Is this a good idea? Are there any common or best-practice methods to deal with this problem?
Now I face file permission problems, but I haven't started solving them yet. Somehow I have to ensure that all files are accessible by the local user (no 777).
It should be a method with which I don't necessarily run into file permission problems in the future, because these are critical production services.
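The usual answer to the last two paragraphs is group-based sharing: the service user and the whitelisted AD group share one Unix group, directories carry the setgid bit so new files inherit that group, and developers log in with umask 002. The script below is an added example and not code from the original post; it assumes hypothetical names (local group "appdev" for the AD group, service user "appsvc", application tree /opt/app). The root-only setup commands (usermod, chown) are shown in comments only; the runnable part builds a constructed directory tree in a temp dir, applies the fix, and audits the result so you can see which files would still lock the service user out.

```shell
#!/bin/sh
# Added example, not from the original post: share the application tree between
# the AD developer group and the local service account without resorting to 777.
#
# Hypothetical names: the whitelisted AD group is mapped to the local group
# "appdev", the former shared local user is now the service user "appsvc",
# and the application lives under /opt/app.
#
# One-time setup, run as root on the server (shown only; this script does not
# run it because it needs root and the real group):
#   usermod -a -G appdev appsvc              # service user shares the developers' group
#   chown -R appsvc:appdev /opt/app          # owner stays the service user
#   share_dir /opt/app                       # function below
#   # every developer's login shell should use: umask 002

# share_dir DIR: directories become 2775 (setgid, so new files inherit the group),
# files become group read/write, and world write is removed everywhere.
share_dir() {
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod g+rw,o-w {} +
}

# audit_dir DIR: list entries the group cannot both read and write, entries that
# are world-writable, and directories without the setgid bit. Run it before a
# release to catch files that slipped in with the wrong mode.
audit_dir() {
    find "$1" \( ! -perm -060 -o -perm -002 -o \( -type d ! -perm -2000 \) \) -print
}

# count_bad DIR: number of offending entries, 0 when the tree is clean.
count_bad() {
    audit_dir "$1" | wc -l | tr -d ' '
}

# demo: build a constructed tree in a temp directory showing the typical mess
# (a developer's 600 config file, a 777 log dir), fix it, then show why umask
# matters. Prints three counts: before the fix, after the fix, after two new files.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/conf" "$tmp/logs"
    : > "$tmp/conf/app.properties"
    chmod 600 "$tmp/conf/app.properties"     # constructed: service user locked out
    chmod 777 "$tmp/logs"                    # constructed: the quick 777 "fix"
    before=$(count_bad "$tmp")               # 4: tmp, conf, logs, app.properties
    share_dir "$tmp"
    fixed=$(count_bad "$tmp")                # 0
    ( umask 022; : > "$tmp/logs/default_umask.log" )   # 644: group cannot write
    ( umask 002; : > "$tmp/logs/dev_umask.log" )       # 664: fine
    later=$(count_bad "$tmp")                # 1: default_umask.log
    rm -rf "$tmp"
    echo "$before $fixed $later"
}

demo
```

The third count is the part that bites in production: a developer who keeps the default umask 022 creates 644 files that the service user (via the group) can read but not write, so a deploy that later needs to overwrite them fails. Setting umask 002 in the developers' profile, or a default ACL on the tree where the filesystem supports it, closes that gap; the audit function is cheap enough to run from a pre-deploy check.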