Lawson's
Directory Structure
Lawson requires the code to be changed and tested in its
own directory structure, so it's not possible to change and
test the source in any other directory.
So, in order to have a backup of the source in
case a mistake is made, you would copy the original code and
then make changes to the original.
Code Control handles making these copies for you.
Security
As you may (or may not) know, when the Lawson code is
installed all the source files are read-write for everyone
(ALL USERS!). Not only the source code, but also the binaries,
the GEN database and the dictionaries. In fact the entire directory
structure is either "rw-rw-rw-" or "rwxrwxrwx".
There are also some "rwsrwxrwx" files (the SetUID bit
set and owned by root). These files require the SetUID bit
set, but don't need to be accessible by everyone!
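One way to check a tree for the permissions described above, as an added example (not part of Code Control or of Lawson's documentation). The function names are hypothetical and the directory to audit is passed as an argument; no Lawson paths are assumed.

```shell
#!/bin/sh
# Added example: report world-writable entries and SetUID files that
# every user can reach under a given directory tree.

# Files and directories with the "other" write bit set (rw-rw-rw-, rwxrwxrwx).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# SetUID files that still grant read, write or execute to "other"
# (for example rwsrwxrwx).
setuid_world_accessible() {
    find "$1" -type f -perm -4000 \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# Print a summary; succeed only when both lists are empty.
audit_tree() {
    root=$1
    ww=$(world_writable "$root" | wc -l | tr -d ' ')
    sx=$(setuid_world_accessible "$root" | wc -l | tr -d ' ')
    echo "world-writable entries:          $ww"
    echo "SetUID files open to everyone:   $sx"
    [ "$ww" -eq 0 ] && [ "$sx" -eq 0 ]
}

# Usage: sh audit.sh /path/to/tree   (script name is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_tree "$1"
fi
```

Run it before and after tightening permissions; the two counts should both drop to zero once the tree is secured.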
Lawson has a document available that allows you to tighten
your security (we've derived our SetPerms scripts from this).
It needs a bit of "tweaking" to get it just right,
but it does work very well for keeping unauthorized users
out of your code and directories.
Code Control handles this as well.
Here's how it works. It's really quite basic:
- Secure your code, directories and other files (binaries,
  database files, etc...)
- Don't let people log in as lawson (or lawadm)
- When a change to a file is needed, do the following:
  - Create a backup of the original file
  - Change the ownership of the copy to lawson and make
    it "rw-r--r--" (mode 644)
  - Change the ownership of the original to the person
    who will make the changes
Code Control will also put things back while keeping a "before-revision"
copy of the code and a UNIX "diff" file.
To see more information please refer to the Technical
Details or just download it, install it and read the scripts.