I've done a bit of searching around on BB prior to this post. Although I've come across one posting that had some relevant information, I must confess that I am a bit under the thumbscrews.

I'm sure we UNIX gurus can agree that using "root" for anything short of the actual administration of the operating system is a big no-no. However, I am constantly (and consistently) seeing files with "root" ownership under $BSE.

I'd like to stop this, but I am not savvy on Baan "internals". I've done a bit of dancing around the issue with our Baan administrator, but short of pulling teeth, as the UNIX jockey, I am downright tired of "root" this and "root" that everytime somthing has to happen with the Baan software.

Painting a picture, new policy requires root only for the UNIX system administrator, yet the Baan folks here at the office "need root" for Baan administrator (not startup/shutdown).

Three questions:

1. Baan only "needs" root for startup/shutdown, correct?
2. Nothing in $BSE needs root ownership, correct?
3. How can I do this without congressional oversight?


Cheers, and thanks for hearing my vent!
FT

All these files need root ownerships -


$BSE/bin/badmin6.2
$BSE/bin/blogind6.2
$BSE/bin/lp6.2
$BSE/bin/pdaemon6.2
$BSE/etc/rc.start
$BSE/etc/rc.stop
$BSE/log/log.asm_srv
$BSE/log/log.blogind6.2
$BSE/log/log.pdaemon6.2
$BSE/log/log.shmmanager6.2
$BSE/log/log.shmtimer6.2

Refer to the document from the BaaN support site -

Quick Guide 1029 - Security Set-Up in Baan/UNIX

You still have to provide sudo or other forms of access to kill process/users, reset passwords.

Actually, if you don't use the printer daemon and you're not using something like tbase, then I don't see any reason why you would need to startup with root either..

# su - bsp
$ shmmanager6.1 -i
BUFSZ 16777216, MAXATTCH 13, START 0x3800000, STEP 0x1000000
Start /opt/baan/4c4/bin/shmtimer6.1:
Starting successful
Shmtimer started: pid = 77105, time = 1101760859 (Mon Nov 29 15:40:59 2004)]

Baan's up!

chown -R bsp:bsp $BSE - Enjoy!

Dave

NP is right But:

$BSE/bin/badmin6.2 -- Who needs it?

$BSE/bin/blogind6.2 -- most people don't use it.. but if you do...

$BSE/bin/lp6.2 -- why aren't you using windows printers????

$BSE/bin/pdaemon6.2 -- Does anyone out there NOT have a shell script to clean up tempfiles?

$BSE/etc/rc.start -- a shell script...
$BSE/etc/rc.stop -- a shell script...

That doc he gives is good, but its conservative. a lot of it depends on what you need obviously...

Dave