Swadm
A single shared user used to be provisioned for software administration on Hosting service virtual machines. This shared user had elevated superuser privileges on fully managed machines, but it is no longer necessary with the RHEL9 product and is no longer the standard. SELinux works best when the system has few customizations, so for the best user experience, keep as many defaults as possible.
In the event your application still needs a shared user, we recommend establishing a shared user specific to that application, with only the permissions needed to perform its tasks. When possible, this user should be a functional account.
If the legacy shared user is deemed necessary, there are two main approaches to incorporating this user on your RHEL9 machine, both outlined in this article.
User + home directory
Your application should be able to use system directories as normal. Simply creating the user and assigning appropriate permissions in its home directory should suffice. While your team may decide there is a more appropriate place to home your application, you can use /opt or /usr/local in lieu of /swadm.
- See UMN Tower Docs - Users page for more information on user management with Ansible Tower.
- See z.umn.edu/hostingmanual for an overview of user management on RHEL9.
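As an illustration of the user + home directory approach, here is an added Ansible play (not taken from the UMN Tower Docs or the rhel9-config examples) that creates an application-specific functional account homed under /opt. The names myapp, myapp_admins and /opt/myapp are placeholders, and the sudoers rule is an assumption about how your team reaches the account.

```yaml
---
# Added example: myapp, myapp_admins and /opt/myapp are placeholder values.
- name: Provision an application-specific functional account
  hosts: all
  become: true
  vars:
    app_user: myapp                 # hypothetical functional account name
    app_home: /opt/myapp            # /opt used in lieu of /swadm
    app_admin_group: myapp_admins   # hypothetical group of named human admins
  tasks:
    - name: Create a dedicated system group for the application
      ansible.builtin.group:
        name: "{{ app_user }}"
        system: true

    - name: Create the functional account with no interactive login
      ansible.builtin.user:
        name: "{{ app_user }}"
        group: "{{ app_user }}"
        system: true
        home: "{{ app_home }}"
        create_home: true
        shell: /sbin/nologin        # nobody logs in as the account directly
        password_lock: true         # no shared password to hand around
        comment: "Functional account for {{ app_user }}"

    - name: Restrict the home directory to the account and its group
      ansible.builtin.file:
        path: "{{ app_home }}"
        state: directory
        owner: "{{ app_user }}"
        group: "{{ app_user }}"
        mode: "0750"

    # Assumption: admins act as the account through sudo with their own
    # credentials, so actions stay attributable and never run as root.
    - name: Allow the admin group to run commands as the account only
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ app_user }}"
        content: "%{{ app_admin_group }} ALL=({{ app_user }}) ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s   # reject a broken sudoers file
```

The play leaves SELinux contexts at their defaults, in line with the advice above to keep customizations to a minimum.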
User + filesystem
NOTE: if you are mounting NFS storage you may run into issues with uid/gid mismatches. Some users have reported that POSIX ACLs can help with this.
- See our rhel9-config examples for ways to recreate the swadm filesystem using Ansible.