It is highly recommended not to run internet-facing services as root. For this reason, oidentd attempts to switch to an unprivileged user automatically after starting up.
Please note that, on a small number of systems, oidentd needs to run as root.
On these systems, a warning is printed at startup, and privileges are not
dropped automatically. In this case, it is recommended to confine the oidentd
process by other means. Your system is affected by this limitation if
oidentd --version prints “Needs root access: Yes”.
By default, oidentd attempts to run as one of the following users, in order of preference. If a user does not exist, oidentd tries to use the next one.
If neither of the above users exists, oidentd switches to user ID 65534.
By default, oidentd attempts to run as one of the following groups, in order of preference. If a group does not exist, oidentd tries to use the next one.
If none of the above groups exist, oidentd switches to group ID 65534.
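The lookup order and numeric fallback described above, followed by the privilege drop itself, as an added C example that is not oidentd's own code. The candidate names are constructed placeholders, `resolve_uid` and `drop_privileges` are hypothetical helper names, and the group lookup (via `getgrnam`) follows the same pattern as the user lookup shown here.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

#define FALLBACK_ID 65534 /* numeric fallback ID from the text above */

/* An explicitly requested name that does not exist is fatal (-1). Otherwise
 * the first existing candidate wins; if none exists, use FALLBACK_ID. */
int resolve_uid(const char *explicit_name, const char *const *candidates, uid_t *out)
{
    struct passwd *pw;
    if (explicit_name != NULL) {
        if ((pw = getpwnam(explicit_name)) == NULL)
            return -1;
        *out = pw->pw_uid;
        return 0;
    }
    for (; *candidates != NULL; candidates++) {
        if ((pw = getpwnam(*candidates)) != NULL) {
            *out = pw->pw_uid;
            return 0;
        }
    }
    *out = FALLBACK_ID;
    return 0;
}

/* Supplementary groups and GID must change while still root; UID goes last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Confirm the drop cannot be undone: regaining root must fail. */
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(void)
{
    /* Constructed placeholder names, not oidentd's actual preference list. */
    const char *const candidates[] = { "example-ident", "example-daemon", NULL };
    uid_t uid;
    if (resolve_uid(NULL, candidates, &uid) != 0 || drop_privileges(uid, FALLBACK_ID) != 0) {
        fprintf(stderr, "cannot drop privileges, refusing to start\n");
        return 1;
    }
    printf("running as uid %ld\n", (long)getuid());
    return 0;
}
```

Started as root, the program ends up running as the resolved UID; started as an ordinary user, `setgroups` fails and it refuses to continue.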
Changing This Behavior
--group options can be used to run oidentd as another user
or group. oidentd refuses to start up if the user or group specified by either
of these options does not exist, or if privileges cannot be dropped for some