Idea ID 2786591
Currently, the only SUPPORTED method to running eDirectory as a non-root user is to use the tarball based install. The problem with this is that it leaves the eDirectory binaries vulnerable, as the non-root/non-privileged user owns the binaries. In addition, it means you cannot use the standard RPM based eDirectory installation (nds-install) to maintain eDirectory updates. A more secure method of running a NON-ROOT INSTANCE of eDirectory is to instead perform a standard install as root, which places the eDirectory binaries in the standard location with standard rights and then create the nds INSTANCE using a non-root/non-privileged user. This way, the binaries are protected as they are owned by root and you can continue to use the standard RPM based installation but eDirectory itself runs as a non-privileged user, satisfying security requires to not run applications as root. This configuration works fine today, it is just not officially supported by Micro Focus. Going forward, as more customers are interested in running eDirectory as non-root, this safer and easier to maintain configuration should be supported. See this Micro Focus Community article for more information about using this configuration: https://community.microfocus.com/t5/eDirectory-Tips-Information/eDirectory-Conversion-root-to-non-root-instances/ta-p/1775521
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.