Now that I've rebuilt my Red Hat 9 box with Fedora, and installed Out-of-the-Box - I really should get my user and group permissions setup properly. If I ever decide to host CVS, shell access or bug tracking for clients, it'd be nice to know my server is secure. Out-of-the-box installs everything as root (save CVS), so I'm constantly doing "chown -R matt $CATALINA_HOME" or "su" to simply deploy files to Tomcat.
How are these open source servers (i.e. SourceForge) setup? If I wanted to setup a SF-clone, I'm assuming I'd need to setup a "developers" or "clientName" group and then create specific cvs repositories for each client. However, I'm not looking to setup a SourceForge-like server right now - I just want to get my permissions right. I'm thinking of creating a "developers" group, and giving it rw rights to Tomcat, Ant, Anthill, etc. Then I'll make myself a user in this group, rather than having to "su" every time I want to do something. What would you do? How would you setup your "dev" box to be more secure with users and groups?