I.7 System Users

SLES and OES create system users on the local Linux system to provide user IDs (uids) to service processes. These users have rights to local files, such as configuration files.

The services that rely on system users do not have passwords because they don’t need to log in. They simply use their associated user IDs.

When NSS is installed, some of these users are moved to eDirectory and LUM enabled. This is done to provide access to NSS data, to keep the user IDs the same across multiple servers, and to facilitate clustering and shared volumes.

Table I-2 lists the various system users that are used by OES services.

Table I-8 System User Purposes

System User or Group Name

Associated Service

Purpose

arkuser

Archive and Versioning Services

The service uses PostgreSQL as its metadata store, and PostgreSQL must run as a low-privileged user.

arkuser is that low-privileged user.

dhcpd

DHCP

DHCP accesses local resources through this or an alternatively specified user.

If the DHCP lease and configuration files are stored on NSS, the user must be moved to eDirectory and LUM enabled.

dhcpd is used by default, but any local user can be used.

hacluster

Heartbeat

This user is created by Heartbeat, but it not used by Heartbeat nor by Novell Cluster Services.

iprint

iPrint

The iPrint daemons run as this user.

If iPrint is moved to NSS, this user is created in eDirectory and the local user is removed.

named

DNS

This system user lets DNS access local resources.

In case of clusters, DNS data is on NSS volume, and so the user has to be created in eDirectory as well.

named is used by default, but any local user can be used.

ncsclient

NCS

Used by NCS to access the adminfs file system.

novell_nobody

CIMOM

This user is created by CIMOM but is not currently used.

novlxregd

XTier

The XTier Registry Daemon (novell-xregd) runs as this user.

When NSS is installed on the Linux server, this user is removed from the local system and created as LUM-enabled user in eDirectory. This is required because it must have access to NSS data, and all NSS access is controlled through eDirectory.

novlxsrvd

XTier

The XTier Server Daemon (novell-xsrvd) runs as this user.

When NSS is installed on the Linux server, this user is removed from the local system and created as LUM-enabled user in eDirectory. This is required because it must have access to NSS data, and all NSS access is controlled through eDirectory.

wwwrun

Apache

The Apache daemon runs as this user.

When NSS is installed on the Linux server, this user is removed from the local system and created as LUM-enabled user in eDirectory. This is required because it must have access to NSS data, and all NSS access is controlled through eDirectory.