Thanks Pete. so the steps... create user and group install directory as root set server user and group to user and group created Does "installing" the directory as root affect how the DS starts (or anything else for that matter)? And if I set the server user and group to something I create, will the DS start as them? Trying to ascertain if I need to config the DS startup in the OS to switch users. Probably a common thing in rc.local or whatever and I'm an idiot :) Again thanks for answering the newb question. I just need to research linux more and get this baby running the correct way. --- Pete Rowley <prowley at redhat.com> wrote: > Scott Roberts wrote: > > New to linux and was wondering what is the best > > practice for choosing a user and group for running > > applications? Is running an app as root the normal > > thing to do? > no > > Is running apps as root a bad thing? > yes > > Huge > > security risk? > yes > > Sorry for the stupid question but have > > seen different docs saying what to run a directory > as. > > The RH docs say if you want to run directory on > > default ports run as root. Thats what I plan to > do. > > > > > This refers to starting the DS, but the DS is > configured to run as > another user/group. When the DS starts up it opens > the ports it > requires and then changes to the configured > user/group in order that > under normal running conditions it has a lower > security profile. > Starting the DS as root is required to open ports > 389 and 636, the > designated LDAP and LDAPS ports, but please do > configure the server to > switch to a user/group which you have created > specifically for the DS. > > > -- > Pete > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
