[Freeipa-users] Non-human users

Rob Crittenden rcritten at redhat.com
Fri Feb 15 18:49:32 UTC 2013


Orion Poplawski wrote:
> On 02/15/2013 11:38 AM, John Dennis wrote:
>> On 02/15/2013 01:35 PM, Rob Crittenden wrote:
>>> John Dennis wrote:
>>>> The example cited was the apache user, a system daemon. For system users
>>>> bound to system daemons I stand by what I said. If you want to talk
>>>> about other system users not bound to a daemon, then state that rather
>>>> than confusing the issue.
>>>>
>>>
>>> He cited a backup user. That isn't tied to a daemon.
>>
>> The original message said this:
>>
>>> I think the main issue we've run into is needing the apache user ...
>>
>
> And:
>
>
> Another example is a backup user account that backup software logs in as.
>
> Also some accounts that own files and some services run as that are
> needed on multiple machines.  I suppose we could use puppet to manage
> those, but ldap seems more convenient.

In any case, it is probably reasonable to discuss these two cases 
separately.

As John said, for pure system daemons it is probably best to leave those 
as local accounts.

For quasi-local accounts like mock or backup accounts, things get a 
little fuzzy. I think I would avoid storing the user in /etc/passwd and 
the group in IPA, if possible. I imagine that sssd would be able to 
handle the case OK but I don't know that this is something they actively 
test.

Why do you want/need to distinguish them from "real" people?

rob





