[Date Prev][Date Next]
Re: (ITS#5356) Catching index ownership errors
>> There are more ways (than slapindex) to break file ownership.
> There is, and we should probably also do that, but slapindex is far and
> away the most common and it would be cool if we could catch the problem
> before it happens instead of just warning afterwards.
slapadd has the same problem. For that matter, starting slapd without
-u can mess up for when you restart with -u. So we can just as well
make it general: If root opens a database for writing, fail instead if
the directory or database file is not owned by root. Unless a
slapd.conf option says differently I guess. Not sure if the
default should be to check that for slapd as well as the tools.