there is something I can't grasp about security in Linux.
I have a piece of software, it's running as a service on user X, it needs RW for directory Y owned by user Z and group C (both which is in LDAP) (this is running on a separate VM - and vm is joined to the kerberos REALM). The Directory Y is NFS mounted. Using posix ACL, I added user X to the directory
I have FreeIPA (kerberos) auth, would it be wise to migrate user X to kerberos and add it group C?
The directory is also used for samba share (windows clients) so multiple users are accessing it and they are in group C.
How would I go about service accounts? Any recommended reading on this?