
Re: (ITS#5166) Wrong DBD's database permissions when slapd starts



pedrorandrade@gmail.com writes:

> After testing, I think the problem is with slapadd.
> The above command (slapd -l base.ldif) created one 'objectClass.bdb' 
> file owned by root:root.
> After chown'ing that bdb file all works again.

> Furthermore, if one skips the slapd start/stop steps, slapadd populates 
> the database dir and all created files are owned by root.

> Is this a bug or not? Shouldn't 'slapadd' setuid();?

If you're going to run slapd as a non-root user, you need to be sure that
all data initialization is done as the user you're running slapd as.  If
any of that data initialization is done by the Debian packaging scripts
(the upgrade scripts, the init script, and so forth), that's a bug in the
Debian package.  Please submit a bug to Debian so that we can fix it
there.

I doubt that anything here is a bug in OpenLDAP.

-- 
Russ Allbery (rra@stanford.edu)             <http://www.eyrie.org/~eagle/>
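
An ownership check for the failure discussed in this thread, added here as an example and not part of the original message or of OpenLDAP: it lists files in a slapd database directory that are not owned by the account slapd runs as, such as those left by a root-run slapadd. The function names are hypothetical, and the directory `/var/lib/ldap` and account `openldap` in the comments are assumed defaults.

```shell
#!/bin/sh
# Added example: find database files whose owner differs from the slapd
# service account. Assumed defaults (not from the thread): /var/lib/ldap
# as the database directory, "openldap" as the service account.

# resolve_uid USER_OR_UID: print the numeric uid; fail if the account is unknown.
resolve_uid() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null ;;   # account name: look it up
        *) printf '%s\n' "$1" ;;                 # already numeric
    esac
}

# foreign_owned DIR USER_OR_UID: print every path under DIR (DIR included)
# that is not owned by the given account.
foreign_owned() {
    uid=$(resolve_uid "$2") || return 2
    find "$1" ! -user "$uid" -print
}

# check_db_owner DIR USER_OR_UID
#   returns 0 if everything is owned by the account,
#           1 if at least one path is not (paths are listed on stderr),
#           2 if the directory or the account does not exist.
check_db_owner() {
    [ -d "$1" ] || { echo "no such directory: $1" >&2; return 2; }
    bad=$(foreign_owned "$1" "$2") || { echo "unknown account: $2" >&2; return 2; }
    [ -z "$bad" ] && return 0
    printf 'not owned by %s:\n%s\n' "$2" "$bad" >&2
    return 1
}

# Typical use after an import, with the assumed defaults:
#   check_db_owner /var/lib/ldap openldap
# To avoid the problem in the first place, run the import as the service
# account rather than root, for example:
#   su -s /bin/sh -c 'slapadd -l base.ldif' openldap
```
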