Orion Poplawski wrote:
On 02/15/2013 11:38 AM, John Dennis wrote:
On 02/15/2013 01:35 PM, Rob Crittenden wrote:
John Dennis wrote:
The example cited was the apache user, a system daemon. For system
bound to system daemons I stand by what I said. If you want to talk
about other system users not bound to a daemon than state that rather
than confusing the issue.

He cited a backup user. That isn't tied to a daemon.

The original message said this:

I think the main issue we've run into is needing the apache user ...


Another example is a backup user account that backup software logs in as.

Also some accounts that own files and some services run as that are
needed on multiple machines.  I suppose we could use puppet to manage
those, but ldap seems more convenient.

In any case, it is probably reasonable to discuss these two cases separately.

As John said, for pure system daemons it is probably best to leave those as local accounts.

For quasi local accounts like mock or backup accounts things get a little fuzzy. I think I would avoid storing the user in /etc/passwd and the group in IPA, if possible. I imagine that sssd would be able to handle the case ok but I don't know that this is something they actively test.

Why do you want/need to distinguish them from "real" people?


Freeipa-users mailing list

Reply via email to