[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#4612) slapd reads config file only after chrooting / dropping root privileges

Full_Name: Geert Hendrickx
Version: 2.3.24
OS: NetBSD (irrelevant)
Submission from: (NULL) (

When running slapd as a non-root user with the -u flag, the config file has to
be readable by that user because slapd reads it only after dropping privileges,
unlike many other daemons do.  

Similarly, when running slapd chrooted with the -r flag, all paths in the config
file must be relative to the chroot dir, because slapd reads it only after
chrooting.  This is especially annoying since it implies we have to maintain two
versions of the config file: one with relative paths for slapd itself, and
another with absolute paths for slurpd and other tools like slapcat/slapadd/....

I don't know whether slapd was intentionally designed like this, but would it be
possible to make it read its config file before chrooting and/or dropping root