Re: (ITS#5166) Wrong DBD's database permissions when slapd starts


Pierangelo Masarati is right all the way.

I'm not using the latest release. I'm using the one that debian provides.
C programming doesn't 'chroot's, it 'setuid();'s. My mistake. Sorry.
I'm not into the internals of openldap, but Pierangelo sure is and 
setuid() **before** reading the configuration files makes sense (which 
reminds me I should 'chown' those too), so I was far off.

But, one issue remains:
When I deleted the files,
     /etc/init.d/slapd start
     /etc/init.d/slapd stop
     slapd -l base.ldif
     /etc/init.d/slapd start
ldapdelete failed again with the same error: (80) entry index delete failed

After testing, I think the problem is with slapadd.
The above command (slapd -l base.ldif) created one 'objectClass.bdb' 
file owned by root:root.
After chown'ing that bdb file all works again.

Furthermore, if one skips the slapd start/stop steps, slapadd populates 
the database dir and all created files are owned by root.

Is this a bug or not? Shouldn't 'slapadd' setuid();?

One workaround is issuing 'sudo -u openldap slapadd ...' to avoid 
chown'ing afterwards.

Oh, and yes Pierangelo, I make mistakes. Lots of them, unfortunately, 
like many users. But I try not to post them in bug reports ;)
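
The ownership problem described in this message can be caught before slapd starts. The script below is an added example, not part of the original post or of OpenLDAP: it lists entries in a database directory that are not owned by the account slapd runs as. The default directory /var/lib/ldap and the function names are assumptions; the "openldap" account name is taken from the workaround above.

```shell
#!/bin/sh
# Added example: find database files left behind by a root-run slapadd.
# Assumptions: /var/lib/ldap as the database directory (not stated in the
# post); "openldap" as the slapd account (from the post's sudo workaround).

# list_foreign_owned DIR OWNER
# Prints every path under DIR that is not owned by OWNER (name or numeric uid).
list_foreign_owned() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" ! -user "$owner" -print
}

# check_db_ownership DIR OWNER
# Returns 0 if everything is owned by OWNER, 1 if not, 2 if DIR is unusable.
check_db_ownership() {
    bad=$(list_foreign_owned "$1" "$2") || return 2
    if [ -n "$bad" ]; then
        echo "not owned by $2 (slapd running as $2 may be unable to write these):" >&2
        printf '%s\n' "$bad" >&2
        return 1
    fi
    return 0
}

# Usage: sh check-db-owner.sh --check [DB_DIR] [OWNER]
if [ "${1:-}" = "--check" ]; then
    check_db_ownership "${2:-/var/lib/ldap}" "${3:-openldap}"
    exit $?
fi
```

Run it after any offline slapadd and before starting slapd; a non-zero exit means some files still need their ownership corrected.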