Still playing around with a virtual NS server and had a couple of questions about users.
It seems that using the UI to create a user, it automatically creates a group of the same name, but neither is added to the system files. It looks like all this achieves is to give the user access to e-mail, and looking through other options, Windows file share. However, you cannot log on to the server as that user, just via the UI.
Can I add users/groups directly to the system files if I want to run any additional software that needs its own user? I tried this and it appears to work, but with a couple of strange side effects.
After banging my head against a door for 2 days trying to understand why my shorewall rules weren’t working in respect to one rule that uses the UID to mark packets, I ran an iptables trace. What this showed me was: UID=0, GID=507. The user in question has UID=506, GID=507. Any ideas why iptables isn’t seeing the UID?
One other anomaly I saw when running OpenVPN is that if I add --up and --down scripts, these scripts are run as root, but the PATH they are passed is only: /usr/local/bin:/bin:/usr/bin which precludes any system commands from being used. I tried adding /sbin to the path, but even then I get a failure in shorewall that is run as a consequence of signal-event firewall adjust because it can’t find /sbin.
Cheers.