[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5356) Catching index ownership errors



Full_Name: Russ Allbery
Version: 2.4.7
OS: Debian GNU/Linux
URL: 
Submission from: (NULL) (171.66.157.16)


One of the most common problems we see in Debian with people new to OpenLDAP is
that they run slapindex as root when they're running their directory server as a
non-root user and hence break the file ownership and the database.

Would it be possible to add a check in slapindex where, if slapindex is running
as root and the database files are owned by a different user, it would either
refuse to run (possibly overideable by a flag) or at least print a warning
saying that ownership may have to be fixed later?

One possible problem, I know, is that the names of the database files are a
matter for the database backend and slapindex really shouldn't know what they
are.  But maybe the check could somehow be added to back-bdb and back-hdb and
exposed for slapindex to use?