Sun Java System Access Manager 7.1 Postinstallation Guide

Creating Non-root Users

As superuser (root), create the non-root users and groups that you want to run Directory Server and the Access Manager web container, if they do not already exist. The examples in this chapter use the following non-root users and groups:

Using Port Numbers Lower Than 1024 on Solaris 10 Systems

On Solaris 10 systems, you can allow a non-root user to use port numbers lower than 1024 by adding the net_privaddr privilege to the user. The net_privaddr privilege allows a process to bind to a privileged port number (1-1023). Thus, on Solaris 10 systems, the dirservd user can start Directory Server on port 389, or the webservd user can start Web Server on port 80.

For example, the following commands create the non-root users and groups and add this privilege to each user:

# useradd -c "Directory Server reserved UID" -d / dirservd
# groupadd dirservd
# usermod -G dirservd dirservd
# usermod -K defaultpriv=basic,net_privaddr dirservd

# useradd -c "Web Server reserved UID" -d / webservd
# groupadd webservd
# usermod -G webservd webservd
# usermod -K defaultpriv=basic,net_privaddr webservd

# useradd -c "Application Server reserved UID" -d / appservd
# groupadd appservd
# usermod -G appservd appservd
# usermod -K defaultpriv=basic,net_privaddr appservd

Note: The net_privaddr privilege applies only to Solaris 10 systems. It does not apply to earlier versions of the Solaris OS or to Linux systems.
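
To confirm the result of the usermod -K commands above, the following added example (not part of the original guide) parses user_attr(4)-format text and reports whether an account's defaultpriv set is basic plus net_privaddr and nothing more. The helper name check_privs, the AWK variable, and the sample entries are constructed for illustration, and it assumes usermod -K records the setting in /etc/user_attr.

```shell
#!/bin/sh
# Added example: audit user_attr(4)-format entries for the service accounts.
# Entry format: user:qualifier:res1:res2:attr (attr = key=value;key=value...)
# On Solaris 10 run with AWK=nawk; /usr/bin/awk there is the old awk.

# Constructed sample (not from a real host). The appservd line is
# deliberately over-privileged to show the "excess" result.
SAMPLE_USER_ATTR='root::::auths=solaris.*;profiles=All;type=normal
dirservd::::type=normal;defaultpriv=basic,net_privaddr
webservd::::type=normal;defaultpriv=basic,net_privaddr
appservd::::type=normal;defaultpriv=all'

# check_privs USER  (hypothetical helper; reads user_attr text on stdin)
# Prints: ok            defaultpriv is basic plus net_privaddr only
#         missing       no entry for USER, or net_privaddr not granted
#         excess:<list> privileges beyond basic,net_privaddr are granted
check_privs() {
    "${AWK:-awk}" -F: -v u="$1" '
        $1 == u {
            n = split($5, attrs, ";")
            for (i = 1; i <= n; i++) {
                if (attrs[i] !~ /^defaultpriv=/) continue
                sub(/^defaultpriv=/, "", attrs[i])
                m = split(attrs[i], privs, ",")
                for (j = 1; j <= m; j++) {
                    if (privs[j] == "net_privaddr") has = 1
                    else if (privs[j] != "basic")
                        extra = extra (extra == "" ? "" : ",") privs[j]
                }
            }
        }
        END {
            if (extra != "") print "excess:" extra
            else if (has) print "ok"
            else print "missing"
        }'
}

# Report on the three accounts created above, using the constructed sample.
for acct in dirservd webservd appservd; do
    printf '%s: %s\n' "$acct" \
        "$(printf '%s\n' "$SAMPLE_USER_ATTR" | check_privs "$acct")"
done
```

On a live system, feed the real file instead of the sample, for example `check_privs dirservd < /etc/user_attr`.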