Hi Steve,
If I remember rightly, by default the server is started as root (to be able
to open the listening ports) then switch to nsslapd-localuser (which is
usually not privileged)
That said, I routinely run 389ds directly as a non-root user (mostly for
development and debugging purposes) so it is possible to do it.
There is a bit more than what you listed but not much. (I do not change the
instance configuration files but rather directly the template files (
defaults.inf for the user and paths and template-dse*.ldif to disable by
default some plugins) then I create new instances with dscreate as usual:
1. Make sure to use non privileged port when creating instance
2. Modify the defaults.inf to change the paths towards writable (by the
user) directories (beware of path loke /run or /var/run )
Most functionalities work fine but it may be possible that some plugins
interacting with external components do not.
For my part I had to disable pwdchan-plugin from the template-dse*.ldif but
that is more likely because I use a custom build without RUST rather than
the fact I start the server while logged in with an unprivileged user.
Have fun !
Pierre
On Mon, Jan 10, 2022 at 8:52 AM Steve F <steve.falzon(a)outlook.com> wrote:
Hello!
Currently dscontainer will start, configure and run ds-389 as a root user.
I am wondering if there is support to run as a non-root user?
It is as simple as chown'ing the files to a non privileged user, updating
nsslapd-localuser to the correct user, then running dscontainer -r as the
unprivileged user?
Or will this break some other functionality?
Cheers,
Steve
_______________________________________________
389-users mailing list -- 389-users(a)lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproje...
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
--
--
389 Directory Server Development Team