Provide root access but not DB access

Question

Trying to give servers production access to more ops people in our team. Only issue is the DB access concern. For most tasks ops do not need DB access and only limited people should have such access.

Let's say we have two servers:

Application Server: tomcat (app needs access to DB server)

DB server: Database

So ultimately we would like to give root access to the "application server" so that ops can do all sorts maintenance on the server but not be able to gain access to the DB server. This means I cannot just store DB pass in a configuration files for the app to read for example.

Are there well known practices that would solve issue like that?

Answer 1

First any credential that the 'Application Server' has to access the 'DB Server' should be considered handed over to anyone with root on the Application Server. Since you say that DB access must be limited you cannot give ops complete root on the Application Server.

But do not lose hope, there is sudo.

sudo can give users or groups access to root power, but only for limited purposes. Unfortunately setting up sudo correctly can be tricky to prevent subshells and wildcards from getting full root, but it is possible.

There are too many permutations for a general answer beyond sudo without additional information about your use case. A great reference for sudo with exactly this use case in mind is 'Sudo Mastery' by Michael W. Lucas.