Don't require root privileges for anything than initial setup/installation #175
Comments
|
If you execute commands as the specified user root should not need to be used. As far as I remember root is only used to Of course if there are commands that still require root despite being the correct user they should have a reason to require that. It was never my intention to overuse root. Generally however I'm in agreement with you that permissions are something that can always use more attention, restriction and locking down. |
|
I, for one, would love the ability to add to the list of users able to use the msm commands. Perhaps designate a group instead of one particular user to handle everything? Any user in group "msm" can do what user "minecraft" can do. |
In principle, I like MSM. Just a comment on why I won't use MSM on my Debian production server (and why won't use it at all):
In http://msmhq.com/docs/installation.html every single command is prefixed with
sudo. I'm fine with initially placing files such asmsmto/usr/local/binasroot. However, I am not fine with having to run every single msm-related command asroot, nor do I want to try out myself which one can be run as unprivileged (e.g.minecraft) user and which ones not. When following the installation instructions, I tried to leave it outsudowhere I could, but too often I got an error message such ascommand must be run as root. I see that internallymsmtries to use an unprivileged user as often as possible, but this does not change the fact that the entire security concept is wrong from the beginning whenmsmis often required to be invoked with root privileges. This opens the door to a massive spectrum of security problems and might provoke unwanted damage to the system.Do not force users to invoke
msmas root, ever, after having it installed!The text was updated successfully, but these errors were encountered: