[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4719) Support for running slapadd/slapindex as a user

On Tue, Oct 24, 2006 at 07:00:40PM +0000, quanah@stanford.edu wrote:
> --On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:
> > At 11:48 AM 10/24/2006, ando@sys-net.it wrote:
> >> quanah@stanford.edu wrote:
> >>> It would be nice if you could pass -u and -g options to run as another
> >>> user/group so that on systems where OpenLDAP is running as another user
> >>> or group, the files created by slapadd & slapindex have the correct
> >>> ownerships (rather than root, for example).
> >>>
> >> OK for slapadd; for slapindex and other tools, what about using
> >> user/group info from the file(s) itself?
> >
> > Why not just use su(1)?  the only reason slapd(8) has -u/-g options
> > is because it changes root after some initialization.
> Because some people are brain dead, and because other people set up 
> application accounts that don't actually have a shell.  It also makes 
> things more consistent behavior wise.  I personally don't have this issue 
> because I run openldap as root anyway, but I've seen list traffic about 
> this on more than one occasion, and am seeing people hit it on the debian 
> openldap list as well.

The slapd initscript should/could chown the files whenever slapd is