[Date Prev][Date Next]
Re: (ITS#4719) Support for running slapadd/slapindex as a user
--On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:
> At 11:48 AM 10/24/2006, firstname.lastname@example.org wrote:
>> email@example.com wrote:
>>> It would be nice if you could pass -u and -g options to run as another
>>> user/group so that on systems where OpenLDAP is running as another user
>>> or group, the files created by slapadd & slapindex have the correct
>>> ownerships (rather than root, for example).
>> OK for slapadd; for slapindex and other tools, what about using
>> user/group info from the file(s) itself?
> Why not just use su(1)? the only reason slapd(8) has -u/-g options
> is because it changes root after some initialization.
Because some people are brain dead, and because other people set up
application accounts that don't actually have a shell. It also makes
things more consistent behavior wise. I personally don't have this issue
because I run openldap as root anyway, but I've seen list traffic about
this on more than one occasion, and am seeing people hit it on the debian
openldap list as well.
Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html