From: Nick S. <nsi...@nu...> - 2022-01-12 18:31:29
I am in the process of setting up a brand new server with eXist-db running on it. I am paying particular attention in trying to make this server as secure as possible. I am not a Linux administrator by training, but I know a decent amount to be able to follow directions.

The eXist-db website has a best practices page for setting up eXist-db here: https://exist-db.org/exist/apps/doc/production_good_practice.xml

Under the "Operating System Permissions" section it states the following:

"Typically we would recommend creating an exist user account and exist user group with no login privileges (no shell and empty password), changing the permissions of the eXist-db installation to be owned by that user and group. Then run eXist-db using those credentials."

I am using AWS Linux and I am able to SSH into the server as "ec2-user". I created a new user "exist-user" using the "adduser" command. I then tried to remove login privileges by typing the command:

>sudo usermod exist-user -s /sbin/nologin

This successfully removed login privileges for 'exist-user'; however, when I try to switch my ec2-user to exist-user I get the notification "This account is currently not available."

I believe I must be misunderstanding what the best practices recommendation is trying to tell me. What do I need to do to create a user "with no login privileges (no shell and empty password)"? Can someone explain?

Nick

--
Nick Sincaglia
President/Founder
NueMeta, LLC
Digital Media & Technology
Phone: +1-630-303-7035
nsi...@nu...
http://www.nuemeta.com
Skype: nsincaglia
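Added example, not part of the original message or of the eXist-db documentation: a POSIX shell check that an account such as exist-user has a non-login shell and a locked password, run here on constructed passwd/shadow entries. The function names are hypothetical, and the comments note how a single command can still be run as such an account.

```sh
# Added example: audit a service account in passwd(5)/shadow(5) format files.
# Function names are hypothetical; sample entries below are constructed.
#
# A nologin shell only blocks interactive sessions ("su - exist-user"). An
# administrator can still run one command as the account, because sudo executes
# the command directly rather than through the login shell:
#   sudo -u exist-user -- id

# login_shell PASSWD USER: print field 7; non-zero status if USER is absent.
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1 } END { exit !found }' "$1"
}

# password_state SHADOW USER: print locked, empty or set.
# shadow(5): a field starting with "!" or "*" cannot match any password (locked);
# an empty field means no password is required, which is not the same thing.
password_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "set"
        }
        END { exit !found }' "$1"
}

# audit_service_account PASSWD SHADOW USER: print "ok" or the reason it fails.
audit_service_account() {
    sh_path=$(login_shell "$1" "$3") || { echo "no such user"; return 2; }
    pw=$(password_state "$2" "$3") || { echo "no shadow entry"; return 2; }
    case "$sh_path" in
        */nologin|*/false) ;;
        *) echo "interactive shell: $sh_path"; return 1 ;;
    esac
    [ "$pw" = locked ] || { echo "password is $pw, not locked"; return 1; }
    echo "ok"
}

# Demo on constructed entries (run against copies, or the real files as root).
demo=$(mktemp -d)
printf '%s\n' 'exist-user:x:1001:1001::/home/exist-user:/sbin/nologin' >"$demo/passwd"
printf '%s\n' 'exist-user:!!:19004:0:99999:7:::' >"$demo/shadow"
audit_service_account "$demo/passwd" "$demo/shadow" exist-user
rm -rf "$demo"
```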