Hi all,
I'm in the process of cleaning up the users and groups on our
RHEL/CentOS servers, the end goal being to centralize the information in
an LDAP directory.
Where I'm not sure how to proceed is where to place system accounts and
groups.
Lets take Oracle as an example. It requires the following:
- A user "oracle" w/group "oinstall". This accounts owns the files on disk.
- Group "dba", DBA user group
- Group "oper", not so DBA user group
What I'm unsure of is where to put them.
- Do I create them on the server then have to perform local updates to
the group members as people come and go?
- Do I put them in the directory and hope it doesn't go down*.
- Do I go 50/50. Create oracle/oinstall locally but put them dba and
oper groups in the directory. (This seems like the winning choice.)
*It's redundant, and shouldn't go down. But never say never.
To add more ingredients to the pot, I'm using Puppet to setup new
servers which can, and usually does, get confused when having local and
centralized groups.
Ideas, comments?
_______________________________________________
mlug mailing list
[email protected]
https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
