[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4719) Support for running slapadd/slapindex as a user

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4719) Support for running slapadd/slapindex as a user
From: quanah@stanford.edu
Date: Tue, 24 Oct 2006 19:00:40 GMT

--On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:

> At 11:48 AM 10/24/2006, ando@sys-net.it wrote:
>> quanah@stanford.edu wrote:
>>> It would be nice if you could pass -u and -g options to run as another
>>> user/group so that on systems where OpenLDAP is running as another user
>>> or group, the files created by slapadd & slapindex have the correct
>>> ownerships (rather than root, for example).
>>>
>> OK for slapadd; for slapindex and other tools, what about using
>> user/group info from the file(s) itself?
>
> Why not just use su(1)?  the only reason slapd(8) has -u/-g options
> is because it changes root after some initialization.

Because some people are brain dead, and because other people set up 
application accounts that don't actually have a shell.  It also makes 
things more consistent behavior wise.  I personally don't have this issue 
because I run openldap as root anyway, but I've seen list traffic about 
this on more than one occasion, and am seeing people hit it on the debian 
openldap list as well.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Prev by Date: Re: (ITS#4719) Support for running slapadd/slapindex as a user
Next by Date: Re: (ITS#4719) Support for running slapadd/slapindex as a user
Index(es):
- Chronological
- Thread