[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Slapd should give up root permission after binding the socket (ITS#98)

To: openldap-its@OpenLDAP.org
Subject: Re: Slapd should give up root permission after binding the socket (ITS#98)
From: bcollins@debian.org
Date: Wed, 10 Mar 1999 11:50:49 GMT

On Wed, Mar 10, 1999 at 03:56:49AM +0000, dboreham@netscape.com wrote:
> Of course you need to open the config file before
> the identity change, otherwise you wouldn't know
> what to change your identity to.

You would also have to have this user/group attribute come before any
of the database definitions or else a database might still be opened by
root.

I think the best solution is command line arguments, that way it
switches immediately, and independently of config file attributes. The
other solution is running under inetd which would allow you to specify
the user to run as, but performance, inetd usage isn't preferable to
most.

--
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
OpenLDAP Core - bcollins@openldap.org                 bcollins@debian.org
UnixGroup Admin - Jordan Systems         The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --

Prev by Date: Re: Slapd should give up root permission after binding the socket (ITS#98)
Next by Date: Re: Slapd should give up root permission after binding the socket (ITS#98)
Index(es):
- Chronological
- Thread