Full Description
     


As I mentioned in the introduction, Code Control was extracted from a much larger package. That package was used for the management of the development process of software in the Lawson environment. It handled everything from user requests to entering full technical details on the request, an approval process including routing the request, and many reports for auditors. Kastle Consulting developed the product and made it available to our clients. We never really took off with it because most of our efforts were focused on all the other Lawson work we were doing.

When I thought about developing LawsonTech I had in mind to take apart that package we wrote and make the code control part of it available to anyone who could use it (and everyone needs it!).

So here it is. I'm going to start here with a detailed explanation (good bedtime reading).

As a System and/or Security Administrator it's important to have the ability to make sure nobody is changing source code without the authority to do so. Also it's important to be sure that the control of the file(s) being modified remains with the current individual making the changes. You wouldn't want two different people making changes to the same file.

In a common approach to source code control, you would allow programmers to copy the source into their own directories, modify and test it, and then move it back into "production".

This would work great if you were not using Lawson.

Lawson requires the code to be changed and tested in its own directory structure, so it's not possible to change and test the source in your home directory (or any other directory).

So the way to have a backup of the source in case a mistake is made is to copy the original code and then make changes to the original.

I've seen people do this a number of ways. Copy it into the same directory with an extension like the date or ".bak", copy it to the same name with lower-case instead of ALL-CAPS, copy it to another directory or worse - don't make a backup copy.

Now that you've dealt with keeping a backup (and made sure you don't lose or overwrite it) we can deal with security!

As you may (or may not) know, when the Lawson code is installed all the source files are read-write for everyone (ALL USERS!). Not only the source code but also the binaries, the GEN database and the dictionaries. In fact the entire directory structure is either "rw-rw-rw-" or "rwxrwxrwx".

There are also some "rwsrwxrwx" files (the SetUID bit set and owned by root). These files require the SetUID bit set, but don't need to be accessible by everyone!

If you didn't know this and you're a System/Security Administrator you've most likely passed out by now! After you have recovered, check it out for yourself.

Lawson has available a document that allows you to tighten your security (we've derived our SetPerms scripts from this). It needs a bit of "tweaking" to get it just right and it does work very well for keeping unauthorized users out of your code and directories.

In fact the only authorized user will then be "lawson". This is a good start, but with this you run into a few problems:

  1. Anyone who will ever make changes to the code will need to login as lawson.
    • Which means this person can then do anything to any file or directory owned by lawson.
  2. Although changes can be made to the code and it can be compiled - the lawson user is not normally able to run any Lawson applications.
    • So you'll have to log in as another user to test the programs.
  3. There's no "real" record of who made the change to the code.
    • All files are tagged with the "lawson" user.

Now that I've listed all the problems you'll either want to figure out how to solve them, add to my list or read on for a solution.

It's really quite basic:

  1. Secure your code, directories and other files (binaries, database files, etc...)
  2. Don't let people log in as lawson (or lawadm)
  3. When a change to a file is needed do the following:
    • Create a backup of the original file
    • Change the ownership of the copy to lawson and make it "rw-r--r--" (mode 644)
    • Change the ownership of the original to the person who will make the changes

That's all there is to it!

To put the source code back to normal simply change the ownership of the file back to lawson. I would also keep some type of revision history and never overwrite the original backup you created.
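
The check-out and check-in steps above, written out as an added shell example; this is not one of the Code Control package's own scripts. The function names, `CC_OWNER`, `CC_BACKUP_DIR` and the default backup path are assumptions, and in real use it has to run as root, because it hands files to other users.

```shell
#!/bin/sh
# Added example: check-out / check-in of a single source file.
# CC_OWNER and CC_BACKUP_DIR are assumed names, not Code Control settings.
CC_OWNER="${CC_OWNER:-lawson}"
CC_BACKUP_DIR="${CC_BACKUP_DIR:-/var/tmp/cc-backups}"   # constructed default path

# True when file $1 is owned by user $2 (a name or a numeric uid).
owned_by() {
    [ -n "$(find "$1" -prune -user "$2" -print 2>/dev/null)" ]
}

# cc_checkout FILE USER: back up FILE, then hand the original to USER.
# Prints the path of the backup that was created.
cc_checkout() {
    file=$1 user=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # A file not owned by the controlled owner is already checked out:
    # refuse, so two people never change the same file.
    owned_by "$file" "$CC_OWNER" || { echo "$file is already checked out" >&2; return 2; }
    mkdir -p "$CC_BACKUP_DIR" || return 1
    # Timestamped names give a simple revision history.
    backup="$CC_BACKUP_DIR/$(basename "$file").$(date +%Y%m%d%H%M%S)"
    # Never overwrite a backup that already exists.
    [ ! -e "$backup" ] || { echo "backup exists: $backup" >&2; return 3; }
    cp -p "$file" "$backup" || return 1
    chown "$CC_OWNER" "$backup" && chmod 644 "$backup" || return 1
    chown "$user" "$file" || return 1
    echo "$backup"
}

# cc_checkin FILE: give the file back to the controlled owner.
cc_checkin() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
    chown "$CC_OWNER" "$1"
}
```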


To see more information please refer to the Technical Details or just download it, install it and read the scripts.