For security reasons, it is always best to run production servers with normal user privileges. That is, you do not want to run Directory Server with root privileges. However, you will have to run Directory Server with root privileges if you are using the default Directory Server ports. If Directory Server is to be started by Administration Server, Administration Server must run either as root or as the same user as Sun ONE Directory Server.
You must therefore decide what user accounts you will use for the following purposes:
The user and group under which you will run Sun ONE Directory Server
If you will not be running the Sun ONE Directory Server as root, it is strongly recommended that you create a user account for all Sun ONE servers. You should not use any existing operating system account, and must not use the nobody account. You should also create a common group for the Sun ONE Directory Server files; again, you must not use the nobody group.
The user and group under which you will run Administration Server
For configurations that use the default port numbers, this must be root. However, if you use ports over 1024, then you should create a user account for all Sun ONE servers, and run Administration Server as this account.
As a security precaution, when Administration Server is being run as root, it should be shut down when it is not in use.
You should use a common group for all Sun ONE servers, such as gid servers, to ensure that files can be shared between servers when necessary.
Before you can install Sun ONE Directory Server and Administration Server, you must make sure that the user and group accounts you use exist on your system.
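The account rules above can be checked before installation starts. The following script is an added example, not part of the original Sun ONE documentation: it assumes local accounts listed in /etc/passwd and /etc/group, and the function names and the PASSWD_FILE and GROUP_FILE overrides are hypothetical.

```shell
#!/bin/sh
# Added example: pre-install check of the account plan described above.
# Assumption: accounts are local, so the passwd and group files are
# authoritative. PASSWD_FILE and GROUP_FILE are hypothetical overrides.
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}
GROUP_FILE=${GROUP_FILE:-/etc/group}

# entry_exists FILE NAME: succeed if NAME is the first field of a line.
entry_exists() {
    awk -F: -v n="$2" '$1 == n { found = 1 } END { exit !found }' "$1"
}

# check_server_account USER GROUP PORT
# Prints one FAIL line per problem; returns 0 only if the plan is usable.
check_server_account() {
    user=$1 group=$2 port=$3 rc=0
    case $port in
        ''|*[!0-9]*) echo "FAIL: port '$port' is not a number"; return 1 ;;
    esac
    if [ "$user" = nobody ]; then
        echo "FAIL: the nobody account must not be used"; rc=1
    fi
    if [ "$group" = nobody ]; then
        echo "FAIL: the nobody group must not be used"; rc=1
    fi
    # Ports below 1024 are privileged on Unix and can only be bound by root.
    if [ "$port" -lt 1024 ] && [ "$user" != root ]; then
        echo "FAIL: port $port needs root; choose a port over 1024"; rc=1
    fi
    if [ "$port" -ge 1024 ] && [ "$user" = root ]; then
        echo "WARN: port $port does not need root; use a dedicated account"
    fi
    if ! entry_exists "$PASSWD_FILE" "$user"; then
        echo "FAIL: user '$user' does not exist; create it before installing"; rc=1
    fi
    if ! entry_exists "$GROUP_FILE" "$group"; then
        echo "FAIL: group '$group' does not exist; create it before installing"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check_accounts.sh USER GROUP PORT
if [ $# -eq 3 ]; then
    check_server_account "$1" "$2" "$3"
fi
```

Run it once for the Directory Server account and once for the Administration Server account, with the port each server will listen on.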