[Date Prev][Date Next] [Chronological] [Thread] [Top]

(Re: ITS#4305) BDB-recovery generates bdb cache files with wrong ownership

To: openldap-its@OpenLDAP.org
Subject: (Re: ITS#4305) BDB-recovery generates bdb cache files with wrong ownership
From: richton@nbcs.rutgers.edu
Date: Thu, 5 Jan 2006 23:25:34 GMT

> If i set "slaptestflags=-u" at location 1, the problem is solved.
> slapcat no longer opens the database running as user root.

Well, "slaptestflags=-u" might not do what you'd want there. "-u" to
slaptest means "dry run"; you're losing the (debatably valuable) config
check before start.

But none of the slap tools are designed with "run as alternate user"
option. This is because they have no reason for privs in the first place
and as such should never be started with privs if you intend to enforce an
alternate uid environment. You're probably better off with that script
intelligently using su(1) or similar if you are currently root and want to
run a slap tool.

Prev by Date: Re: (ITS#4306) bad ACL syntax in modification to olcAccess attribute crashes slapd
Next by Date: Re: (ITS#4308) poor performance under load
Index(es):
- Chronological
- Thread