Re: unable to change local socket permissions...
Have we properly undocumented all this stuff?
I think we should go ahead and remove the code.
At 08:43 PM 7/18/2005, Pierangelo Masarati wrote:
>That code is deprecated and should be removed; essentially, because most of the UN*X flavors simply ignore socket permissions, and the few that do require "write" to operate the socket (i.e., execute, write, read).
>The appropriate approach to using sockets is placing them in a specific directory, and using the directory permissions to limit access to the socket. This should be taken care of by system administrators, and not by OpenLDAP code.
>
>p.
>
>mitrohin a.s. wrote:
>
>>Hello.
>>
>>ldapi:///????!x-mod=0777 unsupported now?
>>
>>openldap-2.2.27 "servers/slapd/daemon.c" line 891
>>
>>    switch ( (*sal)->sa_family ) {
>>#ifdef LDAP_PF_LOCAL
>>    case AF_LOCAL: {
>>        char *addr = ((struct sockaddr_un *)*sal)->sun_path;
>>#if 0 /* don't muck with socket perms */
>>        if ( chmod( addr, l.sl_perms ) < 0 && crit ) {
>>            int err = sock_errno();
>>#ifdef NEW_LOGGING
>>            LDAP_LOG( CONNECTION, INFO,
>>                "slap_open_listener: fchmod(%ld) failed errno=%d (%s)\n",
>>                (long)l.sl_sd, err, sock_errstr(err) );
>>#else
>>            Debug( LDAP_DEBUG_ANY, "daemon: fchmod(%ld) failed errno=%d (%s)",
>>                (long) l.sl_sd, err, sock_errstr(err) );
>>#endif
>>            tcp_close( l.sl_sd );
>>            slap_free_listener_addresses(psal);
>>            return -1;
>>        }
>>#endif
>>        l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
>>        l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
>>        snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1,
>>            "PATH=%s", addr );
>>    } break;
>>#endif /* LDAP_PF_LOCAL */
>>
>>why?
>>
>>/swp
>>
>
>
>
> SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
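
The directory-based approach recommended in the quoted reply, sketched in C as an added example that is not part of this thread or of OpenLDAP's code. The function name `open_private_listener`, the path `/tmp/ldapi-demo`, the socket name `ldapi` and the mode 0750 are assumptions chosen for illustration; the parent of the directory is assumed to be writable only by trusted users.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Create (or reuse) dir, refuse it unless it is a real directory owned by
 * us, force its mode to dir_mode, then bind and listen on dir/name.
 * Access to the socket is limited by the directory's search permission,
 * not by a mode set on the socket. Returns the listening fd, or -1 with
 * errno set. */
int open_private_listener(const char *dir, const char *name, mode_t dir_mode)
{
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    int fd;

    if ((mkdir(dir, dir_mode) < 0 && errno != EEXIST) || lstat(dir, &st) < 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid()) {
        errno = EPERM;              /* symlink, plain file, or foreign owner */
        return -1;
    }
    if (chmod(dir, dir_mode) < 0)   /* mkdir() was subject to the umask */
        return -1;
    if ((size_t)snprintf(sa.sun_path, sizeof sa.sun_path, "%s/%s", dir, name)
            >= sizeof sa.sun_path) {
        errno = ENAMETOOLONG;       /* also catches a negative return */
        return -1;
    }
    unlink(sa.sun_path);            /* clear a stale socket from an earlier run */
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    int fd = open_private_listener("/tmp/ldapi-demo", "ldapi", 0750);
    printf("listener fd = %d\n", fd);
    return fd < 0;
}
```

With mode 0750, only the owner and members of the directory's group can reach the socket path; everyone else is stopped at the directory.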