Re: (ITS#4719) Support for running slapadd/slapindex as a user
--On Tuesday, October 24, 2006 7:16 PM +0000 email@example.com wrote:
> On Tue, Oct 24, 2006 at 07:00:40PM +0000, firstname.lastname@example.org wrote:
>> --On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:
>> > At 11:48 AM 10/24/2006, email@example.com wrote:
>> >> firstname.lastname@example.org wrote:
>> >>> It would be nice if you could pass -u and -g options to run as
>> >>> another user/group so that on systems where OpenLDAP is running as
>> >>> another user or group, the files created by slapadd & slapindex have
>> >>> the correct ownerships (rather than root, for example).
>> >> OK for slapadd; for slapindex and other tools, what about using
>> >> user/group info from the file(s) itself?
>> > Why not just use su(1)? The only reason slapd(8) has -u/-g options
>> > is because it changes root after some initialization.
>> Because some people are brain dead, and because other people set up
>> application accounts that don't actually have a shell. It also makes
>> things more consistent behavior-wise. I personally don't have this
>> issue because I run openldap as root anyway, but I've seen list traffic
>> about this on more than one occasion, and am seeing people hit it on
>> the Debian openldap list as well.
> The slapd initscript should/could chown the files whenever slapd is

And how would the init script know the locations of X number of databases,
particularly if back-config is used?

Principal Software Developer
ITS/Shared Application Services
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html