[Date Prev][Date Next]
Re: (ITS#4612) slapd reads config file only after chrooting / dropping root privileges
The behavior is as intended. While certainly it is "possible"
to redesign this code, I don't think it sensible to do so.
At 02:29 AM 7/13/2006, firstname.lastname@example.org wrote:
>Full_Name: Geert Hendrickx
>OS: NetBSD (irrelevant)
>Submission from: (NULL) (220.127.116.11)
>When running slapd as a non-root user with the -u flag, the config file has to
>be readable by that user because slapd reads it only after dropping privileges,
>unlike many other daemons do.
>Similarly, when running slapd chrooted with the -r flag, all paths in the config
>file must be relative to the chroot dir, because slapd reads it only after
>chrooting. This is especially annoying since it implies we have to maintain two
>versions of the config file: one with relative paths for slapd itself, and
>another with absolute paths for slurpd and other tools like slapcat/slapadd/....
>I don't know whether slapd was intentionally designed like this, but would it be
>possible to make it read its config file before chrooting and/or dropping root