Installation guide
Configuration Decisions
14 Netscape Directory Server Installation Guide • October 2004
By default, the server root directory is one of the following:
•
/usr/netscape/servers (on UNIX systems)
•
c:\netscape\servers (on Windows systems)
Deciding the User and Group for Your Netscape
Servers (UNIX only)
For security reasons, it is always best to run UNIX-based production servers with
normal user privileges. That is, you do not want to run Directory Server with
root privileges. However, you will have to run Directory Server with root
privileges if you are using the default Directory Server ports. If Directory Server is
to be started by Administration Server, Administration Server must run either as
root or as the same user as Directory Server.
You must therefore decide what user accounts you will use for the following
purposes:
• The user and group under which you will run Directory Server.
If you will not be running the Directory Server as
root, it is strongly
recommended that you create a user account for all Netscape servers. You
should not use any existing operating system account and must not use the
nobody account. Also, you should create a common group for the directory
server files; again, you must not use the
nobody group.
• The user and group under which you will run Administration Server.
For installations that use the default port numbers, this must be
root.
However, if you use ports over
1024, then you should create a user account
for all Netscape servers and run Administration Server as this account.
As a security precaution, when Administration Server is being run as
root, it
should be shut down when it is not in use.
You should use a common group for all Netscape servers, such as
gid Netscape,
to ensure that files can be shared between servers when necessary.
Before you can install Directory Server and Administration Server, you must
make sure that the user and group accounts you will use exist on your system.
install.book Page 14 Wednesday, November 24, 2004 11:30 AM