On Linux, mode 777 is the obvious setting if all users are to be allowed to write to the hotdeploy directory. However, 777 is also a security issue.
While 777 may be great for testing purposes, it is not great for production servers that are linked to the network. This boils down to what the OS allows, and that is how APM determines which users are allowed to write to the hotdeploy directory.
APM goes by whatever access the OS allows based on the permissions. Even if we took one file and tried to allow only two users to access it, Linux would not allow that, because a file can only have a single owner. You could create a group that contains the users who should have access and make that the owning group of the file, but this requires a lot of administrative overhead.
If your filesystem supports ACLs, that is another option; however, not every local filesystem is mounted with ACL support.
https://www.linuxquestions.org/questions/linux-security-4/how-to-setup-file-permissions-for-multiple-groups-users-that-use-windows-and-linux-841962/
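The group and ACL options described above, as an added example that is not part of the original article or the product's own tooling. The function names, the directory path and the group name are placeholders, and GNU `stat` is assumed.

```sh
#!/bin/sh
# Added example (not vendor code): swap mode 777 on a hotdeploy directory
# for group-scoped access. Function names, the directory and the group
# are placeholders chosen for this sketch. Requires GNU stat (Linux).

# Exit status 0 when the "other" class has the write bit, 1 when it does not.
is_world_writable() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        *[2367]) return 0 ;;   # last octal digit includes write (2)
        *)       return 1 ;;
    esac
}

# Hand the directory to one owning group and drop all access for others.
restrict_hotdeploy() {
    dir=$1; group=$2
    chgrp "$group" "$dir" || return 1
    # 2770 = rwx owner, rwx group, nothing for others; the leading 2 (setgid)
    # makes files created inside inherit the owning group.
    chmod 2770 "$dir" || return 1
}

# ACL alternative for one extra user; fails cleanly when unavailable.
grant_user_acl() {
    dir=$1; user=$2
    command -v setfacl >/dev/null 2>&1 || { echo "setfacl not installed" >&2; return 2; }
    # Access entry for the directory plus a default entry for new files.
    setfacl -m "u:${user}:rwx,d:u:${user}:rwx" "$dir" || {
        echo "ACLs not accepted on $dir (filesystem or mount option)" >&2
        return 3
    }
}

# Usage (placeholders):
#   is_world_writable /path/to/hotdeploy && restrict_hotdeploy /path/to/hotdeploy apmdeploy
```

The account that runs `restrict_hotdeploy` must own the directory and belong to the target group, or be root.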
Another option is to turn off automatic entry point detection, if you are not using it.
To do this, set introscope.agent.deep.entrypoint.enabled to false in the IntroscopeAgent.profile. No restart is required for this property.
NOTE:
If you turn this feature off, smart instrumentation still works; however, you will not automatically get the following. You would have to add these manually.
- Technology stacks and frameworks that Introscope instrumentation does not already monitor
- Custom or proprietary API calls
- Background threads that consume critical resources and can affect the overall application performance