Step 4 in the instructions for installing Crucible say to create a separate user. Why is this and what will happen if you don't do it?
Text from instructions below:
For production installations, we recommend that you create a new user account on your operating system that is dedicated to running Crucible. This user:
If you created a dedicated Crucible user, ensure you are logged in as this user to complete the remaining instructions.
The rationale behind this recommendation is the security. FishEye/Crucible is a Java application and can only be as secure as JVM is. In case there is any security threat introduced in FishEye/Crucible code (which we endavour to avoid obviously) or in JVM, potential attacker could take control over the instance. Now, if the instance is run by dedicated OS user without privileges to any other systems on that server, the worst that can happen is that attacker accesses FishEye/Crucible data. But if this is shared account user by several system, or even a root account with full priviliges, the potential damage can be much wider.
By the way it is generally accepted best practise to run each service on dedicated user, this is why web servers, databases, mail servers etc. usually run on dedicated users, too.
Because of the above we recommend using dedicated user on production systems.
Hope that helps,
I'm John Allspaw, co-founder of Adaptive Capacity Labs, where we help teams use their incidents to learn and improve. We bring research-driven methods and approaches to drive effective inciden...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs