Thanks Pete.
so the steps...
create user and group
install directory as root
set server user and group to user and group created
Does "installing" the directory as root affect how the
DS starts (or anything else for that matter)? And if I
set the server user and group to something I create,
will the DS start as them? Trying to ascertain if I
need to config the DS startup in the OS to switch
users. Probably a common thing in rc.local or whatever
and I'm an idiot :)
Again thanks for answering the newb question. I just
need to research linux more and get this baby running
the correct way.
--- Pete Rowley <prowley(a)redhat.com> wrote:
Scott Roberts wrote:
> New to linux and was wondering what is the best
> practice for choosing a user and group for running
> applications? Is running an app as root the normal
> thing to do?
no
> Is running apps as root a bad thing?
yes
> Huge
> security risk?
yes
> Sorry for the stupid question but have
> seen different docs saying what to run a directory
as.
> The RH docs say if you want to run directory on
> default ports run as root. Thats what I plan to
do.
>
>
This refers to starting the DS, but the DS is
configured to run as
another user/group. When the DS starts up it opens
the ports it
requires and then changes to the configured
user/group in order that
under normal running conditions it has a lower
security profile.
Starting the DS as root is required to open ports
389 and 636, the
designated LDAP and LDAPS ports, but please do
configure the server to
switch to a user/group which you have created
specifically for the DS.
--
Pete
> --
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com