[Freeipa-users] IPA and UIDS <500
Simo Sorce
simo at redhat.com
Thu Jul 19 13:04:30 UTC 2012
On Thu, 2012-07-19 at 07:36 -0400, Stephen Gallagher wrote:
> On Thu, 2012-07-19 at 00:53 +0000, Steven Jones wrote:
> > Actually its pam....unless IPA is as well.
> >
> > Which makes sense then to have an application run < 500 so inherently it cannot be logged into via ssh....
>
> Well, it's possible to configure your system to allow logging in to
> users below 500, but it's not recommended. The real risk is of having
> system services with an ID that conflicts with a user.
In general we do not recommend to set ids on your own, let ipa choose
IDs unless you have a constraint that prevents you from letting that
happen.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list