Hello,
So I understand that installing the DS as a user other than root is reccommended.
Is there a user/group pair that is reccommended or does it matter?
The reason I ask is that i do not want to, down the road, have problems with other JES integrated components as a result of my decision.
I was going to install as dsuserand dsgroup
thanks -john
Well I found this post, right after i installed the DS as dsuser:dsgroup
In any event DS and admin serv appear to start and run fine despite not doing what is listed below.
Is it possible that sun's documentation is out of date ? ..(:i agree with gary here that something so important as this not being talked about elsewhere, like the DS insatll guide ? or the JES unix install guide is a amiss.
******************************
Found this in the documentaion. It basically says that you must install everything as root then change to a regular user. It is in chapter 1 of the administration guide. Kind of a small blurb for something that would seem as important as this. Any way here is a cut and paste:
Normally you must be root to start Directory Server if the port is less than 1024. The following procedure enables you to use a specified non-root user instead.
Install Directory Server and Administration Server. When configuring the servers, ensure that the user for both servers is root.
Use the installation instructions in Java Enterprise System Installation Guide.
Stop the Directory Server. See Starting and Stopping Directory Server.
From the ServerRoot directory, run the following commands to change directory and file ownership to the required userID.
chown -R userID:groupID slapd-hostname
chown -R userID:groupID alias/slapd-hostname-*.db
Edit the file dse.ldif to change the nsslapd-localuser value from root to the required userID.
Restart the Directory Server. See Starting and Stopping Directory Server.
Hopefully this will help somebody out in the future.
Gary
Gary,
Your mileage may vary depending on the type of installation of Directory Server that you are doing.
If installing from the Java ES installer (Directory Server packages), it is preferred to be root to install.
If installing from a Zip file (Directory Server tarball), you can install as anyone with the restriction that ports under 1024 can only be opened by a privilege account (root).
I personally always install directory under my id and group, do not use port 389 (or if I do, I make sure that my instance is started by root). But I do not run them in production ;-)
Manually changing the user after installation (chown, chgrp...) is not a documented procedure and should be carefully thought.
Regards,
Ludovic
