[Fedora-directory-users] run as root? newb question
Richard Megginson
rmeggins at redhat.com
Sat Sep 16 20:39:54 UTC 2006
Scott Roberts wrote:
> Thanks Pete.
>
> so the steps...
> create user and group
> install directory as root
> set server user and group to user and group created
>
setup will do this for you.
> Does "installing" the directory as root affect how the
> DS starts (or anything else for that matter)?
No. In fact, you have to install the RPM as root.
> And if I
> set the server user and group to something I create,
> will the DS start as them?
The DS will start as root, and start the server listening to ports
389/636, then the server will "drop privileges" to run as the non-root
user (nobody:nobody by default).
> Trying to ascertain if I
> need to config the DS startup in the OS to switch
> users. Probably a common thing in rc.local or whatever
> and I'm an idiot :)
>
No, the server just does it automatically. As long as you specify the
user to use during setup.
> Again thanks for answering the newb question. I just
> need to research linux more and get this baby running
> the correct way.
>
> --- Pete Rowley <prowley at redhat.com> wrote:
>
>
>> Scott Roberts wrote:
>>
>>> New to linux and was wondering what is the best
>>> practice for choosing a user and group for running
>>> applications? Is running an app as root the normal
>>> thing to do?
>>>
>> no
>>
>>> Is running apps as root a bad thing?
>>>
>> yes
>>
>>> Huge
>>> security risk?
>>>
>> yes
>>
>>> Sorry for the stupid question but have
>>> seen different docs saying what to run a directory
>>> as. The RH docs say if you want to run directory on
>>> default ports run as root. That's what I plan to
>>> do.
>>>
>> This refers to starting the DS, but the DS is configured to run as
>> another user/group. When the DS starts up it opens the ports it
>> requires and then changes to the configured user/group in order that
>> under normal running conditions it has a lower security profile.
>> Starting the DS as root is required to open ports 389 and 636, the
>> designated LDAP and LDAPS ports, but please do configure the server to
>> switch to a user/group which you have created specifically for the DS.
>>
>>
>> --
>> Pete
>