For security reasons, it is always best to run UNIX-based production servers with normal user privileges. That is, you do not want to run Directory Server with root privileges. However, you will have to run Directory Server with root privileges if you are using the default Directory Server ports. If Directory Server is to be started by Administration Server, Administration Server must run either as root or as the same user as Sun ONE Directory Server 5.1.
You must therefore decide what user accounts you will use for the following purposes:
The user and group under which you will run Sun ONE Directory Server 5.1.
If you will not be running Sun ONE Directory Server 5.1 as root, it is strongly recommended that you create a user account for all Sun ONE servers. You should not use any existing operating system account, and must not use the nobody account. You should also create a common group for the Sun ONE Directory Server 5.1 files; again, you must not use the nobody group.
The user and group under which you will run Administration Server.
For configurations that use the default port numbers, this must be root. However, if you use ports over 1024, then you should create a user account for all Sun ONE servers, and run Administration Server as this account.
As a security precaution, when Administration Server is being run as root, it should be shut down when it is not in use.
You should use a common group for all Sun ONE servers, such as gid Sun ONE, to ensure that files can be shared between servers when necessary.
Before you can install Sun ONE Directory Server 5.1 and Administration Server, you must make sure that the user and group accounts you will use exist on your system.
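One way to check a chosen user, group and port against the rules above before installing. This is an added example, not part of the Sun ONE documentation or product; the sunone account and group names, the port 1389 and the function names are assumptions, and the account files are constructed samples.

```shell
# Pre-install check of the run-as user, group and port (added example).
# PASSWD_FILE and GROUP_FILE default to the system files; the demo at the
# bottom points them at constructed sample files instead.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# lookup_id NAME FILE: print the numeric id (third field) of NAME, if any.
lookup_id() {
    awk -F: -v n="$1" '$1 == n { print $3; exit }' "$2"
}

# check_run_as USER GROUP PORT
# Prints one line per problem and returns the number of problems (0 = OK).
check_run_as() {
    user=$1; group=$2; port=$3; problems=0
    uid=$(lookup_id "$user" "$PASSWD_FILE")
    gid=$(lookup_id "$group" "$GROUP_FILE")
    if [ -z "$uid" ]; then
        echo "user '$user' does not exist"; problems=$((problems + 1))
    fi
    if [ -z "$gid" ]; then
        echo "group '$group' does not exist"; problems=$((problems + 1))
    fi
    if [ "$user" = nobody ] || [ "$group" = nobody ]; then
        echo "the nobody user and group must not be used"; problems=$((problems + 1))
    fi
    # Ports below 1024 are privileged on UNIX and can only be bound by root.
    if [ "$port" -lt 1024 ] && [ -n "$uid" ] && [ "$uid" != 0 ]; then
        echo "port $port requires root; choose a port over 1024 for '$user'"
        problems=$((problems + 1))
    fi
    if [ "$port" -ge 1024 ] && [ "$uid" = 0 ]; then
        echo "port $port does not need root; use a dedicated account"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample account databases (hypothetical sunone account and group).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'nobody:x:65534:65534::/:/bin/false' \
    'sunone:x:5001:5001::/var/sunone:/bin/sh' > "$SAMPLE_DIR/passwd"
printf '%s\n' 'root:x:0:' 'nobody:x:65534:' 'sunone:x:5001:' > "$SAMPLE_DIR/group"
PASSWD_FILE=$SAMPLE_DIR/passwd; GROUP_FILE=$SAMPLE_DIR/group

check_run_as sunone sunone 1389 && echo "sunone:sunone on port 1389: OK"
check_run_as nobody nobody 389 || echo "nobody:nobody on port 389: rejected"
```

To check real accounts, remove the sample-file lines so that PASSWD_FILE and GROUP_FILE keep their system defaults.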