[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#5356) Catching index ownership errors

rra@stanford.edu writes:
>> There are more ways (than slapindex) to break file ownership.
> There is, and we should probably also do that, but slapindex is far and
> away the most common and it would be cool if we could catch the problem
> before it happens instead of just warning afterwards.

slapadd has the same problem.  For that matter, starting slapd without
-u can mess up for when you restart with -u.  So we can just as well
make it general: If root opens a database for writing, fail instead if
the directory or database file is not owned by root.  Unless a
slapd.conf option says differently I guess.  Not sure if the
default should be to check that for slapd as well as the tools.