It is highly recommended not to run internet-facing services as root. For this reason, oidentd attempts to switch to an unprivileged user automatically after starting up.
Please note that oidentd needs to run as root on a small number of systems.
On these systems, a warning is printed at startup and privileges are not
Your system is affected by this limitation if
oidentd --version prints “Needs
root access: Yes”.
By default, oidentd attempts to run as one of the following users, in order of preference. If a user does not exist, oidentd tries to use the next one.
If neither of the above users exists, oidentd switches to user ID 65534.
By default, oidentd attempts to run as one of the following groups, in order of preference. If a group does not exist, oidentd tries to use the next one.
If none of the above groups exist, oidentd switches to group ID 65534.
Changing This Behavior
--group options can be used to run oidentd as another user
oidentd refuses to start up if the user or group specified by either of these
options does not exist, or if privileges cannot be dropped for some other