users@glassfish.java.net

File-permission problem on a multi-user system

From: <forums_at_java.net>
Date: Fri, 27 May 2011 04:36:43 -0500 (CDT)

Dear JavaRanch members,
I’m working on a new Java EE application, which will operate as a common
user interface for our native Unix applications. These Unix applications are
installed on a single server instance with several file servers attached to it,
and the Unix profiles of our customers are also on that server instance –
and that’s the problem.
Any application call and file access made by the Java application server
(Glassfish) will be performed as the www user, which is in fact not what we
want. And becoming another user on a CentOS server is not that easy, because
the setuid system call requires a root-privileged process (and running
Glassfish as root is also not what we want).
The workaround I developed looks like this:

  * Create a native application which calls setuid and creates another process
    with the user privileges. This application will take a path to a JAR file.
  * This JAR file is an executable JAR and will create a helper-daemon.
  * The EJB inside Glassfish will establish an RMI connection to the daemon and
    perform some operations. Every function in the helper-daemon will require
    some credentials (generated hash or username-hash combo) to avoid
    connections from 3rd-party processes.
  * The helper-process will be killed at the same time as the user session
    ends.
  * Alternatively: Create and kill the helper-process whenever the EJB
    requires it.

Because this sounds a bit tricky and dirty, I would be grateful if you could
tell me if this is a good solution and/or if this is the only solution.
Regards,
Temes the Warrior


--
[Message sent by forum member 'Temeshwarrior']
View Post: http://forums.java.net/node/806743
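
The native launcher step in the post above depends on the privilege drop being permanent and complete. The following C sketch is an added example, not code from the poster or from Glassfish: it drops groups, gid and uid in that order and verifies that root cannot be regained before starting the helper JAR. It assumes the launcher is started as root; `MIN_TARGET_ID` and the `/usr/bin/java` path are assumptions.

```c
/* Added example: permanent privilege drop for a root-started helper launcher. */
#define _DEFAULT_SOURCE 1
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define MIN_TARGET_ID 500 /* assumption: customer accounts start at this id */

/* Refuse root and system accounts as the target identity. */
int target_allowed(uid_t uid, gid_t gid) {
    return uid >= MIN_TARGET_ID && gid >= MIN_TARGET_ID;
}

/* Drop from root to pw's identity; returns 0 on success, -1 on any failure. */
int drop_to_user(const struct passwd *pw) {
    if (pw == NULL || !target_allowed(pw->pw_uid, pw->pw_gid)) return -1;
    /* Order matters: supplementary groups and gid first, while still root. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;
    /* Verify the drop is permanent: regaining root must fail. */
    if (setuid(0) == 0) return -1;
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) return -1;
    if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) return -1;
    return 0;
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s <user> <path-to-helper.jar>\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (drop_to_user(pw) != 0) {
        fprintf(stderr, "refusing to start helper: privilege drop failed\n");
        return 1;
    }
    /* Fixed interpreter path and a minimal environment, so nothing inherited
       from the caller (PATH, LD_PRELOAD, JAVA_TOOL_OPTIONS) reaches the JVM. */
    char *const args[] = { "java", "-jar", argv[2], NULL };
    char *const env[] = { "PATH=/usr/bin:/bin", NULL };
    execve("/usr/bin/java", args, env);
    perror("execve");
    return 1;
}
```

Because the launcher runs whatever JAR it is given as the target user, a deployment would normally pin the JAR path inside the launcher and restrict who may invoke it, rather than take the path from the caller.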