
Re: (ITS#5166) Wrong DBD's database permissions when slapd starts



pedrorandrade@gmail.com wrote:

> One workaround is issuing 'sudo -u openldap slapadd ...' to avoid 
> chown'ing afterwards.

What you call a workaround is actually The Right Thing (TM).  There is
no way to setuid() tools simply because there's no need to, as they can
be run with the right identity.  The only reason slapd can be setuid()
is that it needs to start as root in order to bind to port 389, and
**then** setuid() before doing anything else.  Running programs as the
correct user is normal UNIX administration - or should OpenLDAP also
document ls, rm, ...?

p.



Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
---------------------------------------
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it
---------------------------------------
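
The practice described in this message, as an added example that is not part of the original thread or of OpenLDAP: run the offline tools under slapd's runtime identity, then confirm nothing in the database directory is owned by anyone else before starting slapd. The account name `openldap` comes from the quoted command; the directory `/var/lib/ldap`, the file name `data.ldif` and the helper names `run_as` and `foreign_owned` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Assumed defaults: adjust to the local installation.
LDAP_USER="${LDAP_USER:-openldap}"      # identity slapd drops to after binding port 389
LDAP_DBDIR="${LDAP_DBDIR:-/var/lib/ldap}"  # assumed database directory

# Run a command as the given user (name or numeric uid).
# If we already are that user, run it directly; otherwise go through sudo,
# so files the tool creates are owned correctly from the start.
run_as() {
    user=$1; shift
    if [ "$(id -u)" = "$user" ] || [ "$(id -un 2>/dev/null)" = "$user" ]; then
        "$@"
    else
        sudo -u "$user" -- "$@"
    fi
}

# List every entry under a directory that is NOT owned by the given user.
# Return codes: 0 = ownership consistent, 1 = foreign-owned entries printed,
#               2 = directory missing or find failed (e.g. unknown user name).
foreign_owned() {
    dir=$1; user=$2
    [ -d "$dir" ] || return 2
    found=$(find "$dir" ! -user "$user" -print) || return 2
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Typical use (data.ldif is a hypothetical input file):
#   run_as "$LDAP_USER" slapadd -l data.ldif
#   foreign_owned "$LDAP_DBDIR" "$LDAP_USER" || echo "fix ownership before starting slapd" >&2
```

A non-zero result from `foreign_owned` before startup usually means a tool was run as root against the database directory.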