Someone currently building an internal development environment required some integration between servers using SSH and the webservd user.
He came to me when he saw that the default home directory for the webservd user is /. He didn’t want to create a /.ssh/authorized_keys file and I didn’t blame him. My first reaction was to change the home directory but I didn’t want to break something so I opened up Google and found something incredible.
DISCLAIMER: The following is quoted from documentation at docs.sun.com (emphasis is mine). I do not recommend you actually listen to it’s instructions:
If the runtime user of the OpenSSO Enterprise web container instance is a non-root user, this user must be able to write to its own home directory.
For example, if you are installing Sun Java System Web Server, the default runtime user for the Web Server instance is webservd. On Solaris systems, the webservd user has the following entry in the /etc/passwd file:
webservd:x:80:80:WebServer Reserved UID:/:
The webservd user does not have permission to write to its default home directory (/). Therefore, you must change the permissions to allow the webservd user to write to its default home directory. Otherwise, the webservd user will encounter an error after you configure OpenSSO Enterprise using the Configurator.
Did someone actually write in documentation to give the webservd user write access to / ?!?!? What were they thinking?