Add Official Support for Root Install/Non-Root Instance

Idea ID 2786591

Currently, the only SUPPORTED method of running eDirectory as a non-root user is to use the tarball-based install. The problem with this is that it leaves the eDirectory binaries vulnerable, as the non-root/non-privileged user owns the binaries. In addition, it means you cannot use the standard RPM-based eDirectory installation (nds-install) to maintain eDirectory updates.

A more secure method of running a NON-ROOT INSTANCE of eDirectory is to instead perform a standard install as root, which places the eDirectory binaries in the standard location with standard rights, and then create the nds INSTANCE using a non-root/non-privileged user. This way, the binaries are protected as they are owned by root and you can continue to use the standard RPM-based installation, but eDirectory itself runs as a non-privileged user, satisfying security requirements to not run applications as root.

This configuration works fine today; it is just not officially supported by Micro Focus. Going forward, as more customers are interested in running eDirectory as non-root, this safer and easier-to-maintain configuration should be supported.

See this Micro Focus Community article for more information about using this configuration: https://community.microfocus.com/t5/eDirectory-Tips-Information/eDirectory-Conversion-root-to-non-root-instances/ta-p/1775521