Since ages, Tuleap has a strong integration with underlying OS because all users have their counterpart on the OS as unix users and all projects have their own group.
This is used for:
- Publishing stuff in 'homepages':
- autenticated FTP
- SCPing stuff
- Subversion (repositories are owned by codendiadm but the group is the project because ... probably is was the config of CVS even if it's useless)
From a security stand point it's really bad and corresponding services are only their for legacy reasons until we can remove them.
Recent platforms should not deploy nss & co.
This is enabled by default on enalean/tuleap-aio docker image only ATM