[Fedora-directory-users] run as root? newb question

Richard Megginson rmeggins at redhat.com
Sat Sep 16 20:39:54 UTC 2006


Scott Roberts wrote:
> Thanks Pete.
>
> so the steps...
> create user and group
> install directory as root
> set server user and group to user and group created
>   
setup will do this for you.
> Does "installing" the directory as root affect how the
> DS starts (or anything else for that matter)?
No.  In fact, you have to install the RPM as root.
> And if I
> set the server user and group to something I create,
> will the DS start as them?
The DS will start as root, and start the server listening to ports 
389/636, then the server will "drop privileges" to run as the non-root 
user (nobody:nobody by default).
> Trying to ascertain if I
> need to config the DS startup in the OS to switch
> users. Probably a common thing in rc.local or whatever
> and I'm an idiot :)
>   
No, the server just does it automatically.  As long as you specify the 
user to use during setup.
> Again thanks for answering the newb question. I just
> need to research linux more and get this baby running
> the correct way.
>
> --- Pete Rowley <prowley at redhat.com> wrote:
>
>   
>> Scott Roberts wrote:
>>     
>>> New to linux and was wondering what is the best
>>> practice for choosing a user and group for running
>>> applications? Is running an app as root the normal
>>> thing to do?
>>>       
>> no
>>     
>>>  Is running apps as root a bad thing?
>>>       
>> yes
>>     
>>>  Huge
>>> security risk?
>>>       
>> yes
>>     
>>>  Sorry for the stupid question but have
>>> seen different docs saying what to run a directory as.
>>> The RH docs say if you want to run directory on
>>> default ports run as root. That's what I plan to do.
>>
>> This refers to starting the DS, but the DS is configured to run as
>> another user/group.  When the DS starts up it opens the ports it
>> requires and then changes to the configured user/group in order that
>> under normal running conditions it has a lower security profile.
>> Starting the DS as root is required to open ports 389 and 636, the
>> designated LDAP and LDAPS ports, but please do configure the server to
>> switch to a user/group which you have created specifically for the DS.
>>
>>
>> -- 
>> Pete