Missed Team ’24? Catch up on announcements here.

×
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Crucible installation recommends creating a separate user - why?

BillBu
BillBu May 27, 2014

Step 4 in the instructions for installing Crucible say to create a separate user. Why is this and what will happen if you don't do it?

Text from instructions below:

4. Create a dedicated Crucible user (recommended)

For production installations, we recommend that you create a new user account on your operating system that is dedicated to running Crucible. This user:

  • Should not have admin privileges.
  • Should be a non-privileged user with read, write and execute access on the Crucible home (install) directory and instance (data) directory. These directories are described below.
  • Should only have read access to your repositories.

If you created a dedicated Crucible user, ensure you are logged in as this user to complete the remaining instructions.

Answer
Watch
Like Be the first to like this
397 views

1 answer

0 votes
Piotr Swiecicki
Piotr Swiecicki
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 28, 2014

Hi Bill,

The rationale behind this recommendation is the security. FishEye/Crucible is a Java application and can only be as secure as JVM is. In case there is any security threat introduced in FishEye/Crucible code (which we endavour to avoid obviously) or in JVM, potential attacker could take control over the instance. Now, if the instance is run by dedicated OS user without privileges to any other systems on that server, the worst that can happen is that attacker accesses FishEye/Crucible data. But if this is shared account user by several system, or even a root account with full priviliges, the potential damage can be much wider.

By the way it is generally accepted best practise to run each service on dedicated user, this is why web servers, databases, mail servers etc. usually run on dedicated users, too.

Because of the above we recommend using dedicated user on production systems.

Hope that helps,

Reply

Suggest an answer

Log in or Sign up to answer
Fisheye
Fisheye/Crucible
TAGS
AUG Leaders

Atlassian Community Events

    See all events