[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5166) Wrong DBD's database permissions when slapd starts

pedrorandrade@gmail.com wrote:

> One workaround is issuing 'sudo -u openldap slapadd ...' to avoid 
> chown'ing afterwards.

What you call a workaround is actually The Right Thing (TM).  There is
no way to setuid() tools simply because there's no need to, as they can
be run with the right identity.  The only reason slapd can be setuid()
is that it needs to start as root in order to bind to port 389, and
**then** setuid() before doing anything else.  Running programs as the
correct user is normal UNIX administration - or should OpenLDAP also
document ls, rm, ...?


Ing. Pierangelo Masarati
OpenLDAP Core Team

SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
Office:  +39 02 23998309
Mobile:  +39 333 4963172
Email:   pierangelo.masarati@sys-net.it