Locking down Lucee on Windows 2012

Hello,

I am running the latest version of 4.5.x and am working on locking down my
servers. Specifically I am looking for information in regards to the
service account. It is currently running under a system administrative
account, which I know I need to change, but I can’t find any documentation
as to what permissions, etc the non-admin account should have on the box.
I have found other Lucee/Railo security recommendations but nothing that
gives more than a passing mention.

My plan is to create a new local, non-admin account but I am looking for
direction on exactly what permissions to grant the service account
(folders, registry?, etc).

Thanks in advance.

-Daniel

Daniel Garcia

Hi Daniel

It will depend on how you organise your file system, but as a minimum
you will want to grant the user full access to the Lucee installation
folder.

If the JRE you are using for Lucee is not the one bundled inside that
folder, then you’ll also want to give the Lucee user full access to
the JRE folder.

Other than that it’s just a question of granting access to code and
file locations based on what Lucee needs to be able to do in those
places.

I’ve never needed to include registry access.

Cheers
Julian.

On 1 December 2015 at 20:28, <@daniel> wrote:

I am running the latest version of 4.5.x and am working on locking down my
servers. Specifically I am looking for information in regards to the
service account. It is currently running under a system administrative
account, which I know I need to change, but I can’t find any documentation
as to what permissions, etc the non-admin account should have on the box. I
have found other Lucee/Railo security recommendations but nothing that gives
more than a passing mention.

My plan is to create a new local, non-admin account but I am looking for
direction on exactly what permissions to grant the service account (folders,
registry?, etc).
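
The steps described in the reply above, written out as a PowerShell sketch. This is an added example and not part of either post; the account name, service name and every path are assumptions to replace with your own values.

```powershell
# Added example. Every value below is an assumption; replace with your own.
$Account   = 'svc_lucee'             # hypothetical local, non-admin account
$Service   = 'Lucee'                 # assumed service name; confirm with Get-Service
$LuceeHome = 'C:\lucee'              # assumed Lucee installation folder
$JreHome   = ''                      # set only if the JRE is outside $LuceeHome
$CodeRoots = @('D:\webroot')         # assumed code locations Lucee only reads
$WriteDirs = @('D:\webroot\uploads') # assumed locations Lucee must write to

# 1. Create the local account; "*" makes net.exe prompt for the password.
net user $Account * /add
# List the Administrators group and confirm the new account is not in it.
net localgroup Administrators

# 2. Full control on the installation folder, plus the JRE folder when it
#    is not the bundled one. (OI)(CI) lets new files and subfolders inherit.
$installDirs = @($LuceeHome, $JreHome) | Where-Object { $_ }
foreach ($dir in $installDirs) {
    icacls $dir /grant "${Account}:(OI)(CI)F" /T
}

# 3. Everywhere else, grant only what Lucee has to do in that location:
#    read/execute for code, modify where it writes files.
foreach ($dir in $CodeRoots) { icacls $dir /grant "${Account}:(OI)(CI)RX" /T }
foreach ($dir in $WriteDirs) { icacls $dir /grant "${Account}:(OI)(CI)M" /T }

# 4. Point the service at the new account. sc.exe needs the space after
#    "obj=" and "password=". The password is visible on the command line
#    while sc.exe runs; use services.msc instead if that is a concern.
$cred  = Get-Credential ".\$Account"
$plain = $cred.GetNetworkCredential().Password
sc.exe config $Service obj= ".\$Account" password= $plain

# sc.exe does not grant the "Log on as a service" right. Assign it in
# Local Security Policy (secpol.msc), or set the account once through
# services.msc, which grants it for you.

# 5. Check the result, then restart and watch for access-denied errors.
sc.exe qc $Service        # SERVICE_START_NAME should show the new account
icacls $LuceeHome         # the new account should be listed with (F)
Restart-Service $Service
```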