< Zurück | Inhalt | Weiter >

20.3.1 Nonroot-Installed Software

The problem with all of the power-sharing strategies we outlined earlier is that once the user escalates to root, there is no way to limit what he or she can do


image

4. Some folks pronounce this “ess-you doo,” and some “pseudo.” Whatever floats your boat.


(well, sudo lets you limit it, but a mistake can be fatal—consider what happens if you let them run a program that lets them escape to a shell). So, for example, if you want to let the Web services group install and maintain JBoss, but you don’t want them to mess with any standard software on the system, then create a separate place for nonsystem software.

Two common places for such software on Linux systems are /opt and

/usr/local. We tend to use /usr/local mainly because this is the default path on an awful lot of software that uses autoconf to handle cross-platform compilation (it is used by the majority of Free Software programs, but excep- tions include what are arguably the four most widely used Free Software pack- ages: the Linux kernel, the Apache Web server, the Perl language, and XFree86). So we are going to install JBoss under /usr/local and we are going to give a number of users the power to install and manage software in

/usr/local.

You will need to be root to carry out this procedure. Here are the steps—but don’t worry, we’ll pad them out with a lot of ponderous explanation: