Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
Next:
badges earned

Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Crucible installation recommends creating a separate user - why?

Step 4 in the instructions for installing Crucible say to create a separate user. Why is this and what will happen if you don't do it?

Text from instructions below:

4. Create a dedicated Crucible user (recommended)

For production installations, we recommend that you create a new user account on your operating system that is dedicated to running Crucible. This user:

  • Should not have admin privileges.
  • Should be a non-privileged user with read, write and execute access on the Crucible home (install) directory and instance (data) directory. These directories are described below.
  • Should only have read access to your repositories.

If you created a dedicated Crucible user, ensure you are logged in as this user to complete the remaining instructions.

1 answer

0 votes

Hi Bill,

The rationale behind this recommendation is the security. FishEye/Crucible is a Java application and can only be as secure as JVM is. In case there is any security threat introduced in FishEye/Crucible code (which we endavour to avoid obviously) or in JVM, potential attacker could take control over the instance. Now, if the instance is run by dedicated OS user without privileges to any other systems on that server, the worst that can happen is that attacker accesses FishEye/Crucible data. But if this is shared account user by several system, or even a root account with full priviliges, the potential damage can be much wider.

By the way it is generally accepted best practise to run each service on dedicated user, this is why web servers, databases, mail servers etc. usually run on dedicated users, too.

Because of the above we recommend using dedicated user on production systems.

Hope that helps,

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase

The benefits of using Jira in different departments

Jira is a great tool to use across different departments. Forget that paperwork – switch to Jira and get that tasks done smoothly. Marketing Jira allows for a complete digital transformation of you...

133 views 0 8
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you