[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4719) Support for running slapadd/slapindex as a user

--On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:

> At 11:48 AM 10/24/2006, ando@sys-net.it wrote:
>> quanah@stanford.edu wrote:
>>> It would be nice if you could pass -u and -g options to run as another
>>> user/group so that on systems where OpenLDAP is running as another user
>>> or group, the files created by slapadd & slapindex have the correct
>>> ownerships (rather than root, for example).
>> OK for slapadd; for slapindex and other tools, what about using
>> user/group info from the file(s) itself?
> Why not just use su(1)?  the only reason slapd(8) has -u/-g options
> is because it changes root after some initialization.

Because some people are brain dead, and because other people set up 
application accounts that don't actually have a shell.  It also makes 
things more consistent behavior wise.  I personally don't have this issue 
because I run openldap as root anyway, but I've seen list traffic about 
this on more than one occasion, and am seeing people hit it on the debian 
openldap list as well.


Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html