[ale] LDAP and System Users/Groups
adam
prozaconstilts at gmail.com
Tue Mar 23 20:41:16 EDT 2010
brian at polibyte.com wrote:
> Hi,
>
> I'm curious how people administering services on linux in environments
> where user accounts are stored in ldap handle users and groups for
> software. For example, let's say you install apache through your
> distribution's package manager. Do you create an apache user in your ldap
> directory beforehand, or do you let the package create a local apache user?
> Or, for a more complicated example, you're installing the oracle database
> through oracle's installer. It requires an account, oracle, that the
> software will run as. It also requires a dba group, that the oracle account
> will belong to but that human users will also belong to. Would you create
> both the user and group in ldap, only one of them, or neither? Why?
>
> All the best,
> Brian Pitts

I keep system accounts on local systems.

Oracle (of course) likes to do it differently. I build an oracle user
and group in ldap, but since I install oracle from their vanilla
distributions, and not via a package system, that means I get to define
the users and groups during installation that oracle will be assigned to
use, and not have a package manager decide what to do.

If, for some reason, you have a packaged oracle that you have to use,
I'd then stick to local system accounts. It'll make patching and
updating later a lot less painful.

Adam