The BATTS Security Model

BATTS doesn't have any security. Well, almost.

BATTS will create for itself a MySQL user named batts who has full control over the ticketing system. Anyone who can run the BATTS binary and who can read the batts.myrc file discussed below will be able to do anything to the BATTS ticketing system, including the ability to delete records or even the entire database.

BATTS assumes that you will use the Unix permissions to control access to the batts.myrc file, which contains the database connection information. Our advice is to create a group named batts in your /etc/group file and to make all authorized users of the ticketing system members of that group. Other people will be able to create tickets and even add information to the ticket log via the e-mail interface.

Once you have done this, all you need to do is to change the group of the batts.myrc to batts and change permissions on the file to 0640. After this, only members of the group batts and the owner of the file, who is probably root, will have the password to the database.

One last note: Unix group information is obtained at login; once you have created the group, log out and log back in to become a member of that group. Until you log out and back in, you will not be a member of the batts group.