[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ITS#98 'user' patch for BSD systems

To: openldap-its@OpenLDAP.org
Subject: Re: ITS#98 'user' patch for BSD systems
From: bmc@it.larc.nasa.gov
Date: Fri, 12 Mar 1999 18:46:06 GMT

On Fri, Mar 12, 1999 at 05:59:23PM -0800, Kurt D. Zeilenga wrote:
> The uid/gid/root changes may also only be feasible with a subset of
> the backends (ie: ldbm/bdb2).  For example, back-passwd requires
> privledged access to the system password file.  back-perl and pack-tcl
> also have special requirements.

As far as the back-passwd, most systems can work around it with
"-u nobody -g shadow" and could be mentioned in the README as a
workaround. This atleast still leaves some level of system protection.

back-{perl,tcl} should not have any different requirements for privildges
than the database backends, slapd will simply need 'rw' access to
the data they are serving (since the perl/tcl scripts are loaded into
memory upon startup, they wont run as subprocesses)

-- 
-----    -- - -------- --------- ----  -------  -----  - - ---   --------
Ben Collins <b.m.collins@larc.nasa.gov>                  Debian GNU/Linux
OpenLDAP Core - bcollins@openldap.org                 bcollins@debian.org
UnixGroup Admin - Jordan Systems         The Choice of the GNU Generation
------ -- ----- - - -------   ------- -- ---- - -------- - --- ---- -  --

Prev by Date: Re: ITS#98 'user' patch for BSD systems
Next by Date: Re: Configure unable to detect pthread.h (ITS#94)
Index(es):
- Chronological
- Thread