[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4612) slapd reads config file only after chrooting / dropping root privileges



The behavior is as intended.   While certainly it is "possible"
to redesign this code, I don't think it sensible to do so.

At 02:29 AM 7/13/2006, ghen@telenet.be wrote:
>Full_Name: Geert Hendrickx
>Version: 2.3.24
>OS: NetBSD (irrelevant)
>URL: 
>Submission from: (NULL) (212.123.14.84)
>
>
>When running slapd as a non-root user with the -u flag, the config file has to
>be readable by that user because slapd reads it only after dropping privileges,
>unlike many other daemons do.  
>
>Similarly, when running slapd chrooted with the -r flag, all paths in the config
>file must be relative to the chroot dir, because slapd reads it only after
>chrooting.  This is especially annoying since it implies we have to maintain two
>versions of the config file: one with relative paths for slapd itself, and
>another with absolute paths for slurpd and other tools like slapcat/slapadd/....
> 
>
>I don't know whether slapd was intentionally designed like this, but would it be
>possible to make it read its config file before chrooting and/or dropping root
>privileges?