Re: (ITS#8786) Allow OpenLDAP to start as non-root
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#8786) Allow OpenLDAP to start as non-root
- From: hyc@symas.com
- Date: Fri, 08 Dec 2017 11:35:03 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
akram.benaissi@gmail.com wrote:
> Full_Name: Akram Ben Aissi
> Version: 1.1.10
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (77.154.204.242)
>
>
> Hi,
>
> We want to run OpenLDAP in containers without root privilege, nor root user id.
> Actually, we start it with user uid=100000009, gid=0
> And we do proper chgrp 0 and chmod 0770 on required directories.
>
> Because of this: https://github.com/winlibs/openldap/blob/master/servers/slapd/user.c#L158
>
> we have that:
> Could not set real user id to 100000009
>
> It would be better to check that setuid is required only if asked user is
> different from actual user.
>
> Does it make sense?
No. Just start slapd without specifying a userID.
Closing this ITS.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
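
The advice in the reply above (start slapd without a user ID when the process is already unprivileged), sketched as a container entrypoint. This is an added example, not part of the original thread and not OpenLDAP project code; the variable names SLAPD_USER, SLAPD_GROUP, SLAPD_URLS and SLAPD_DATA_DIR, the listener URL and the data path are assumptions.

```shell
#!/bin/sh
# Added example: container entrypoint helper, not OpenLDAP project code.
# SLAPD_USER, SLAPD_GROUP, SLAPD_URLS and SLAPD_DATA_DIR are hypothetical
# variable names; the listener URL and data path are constructed values.

# Print the slapd arguments for a process whose effective uid is $1.
# -u/-g ask slapd to switch identity, which only makes sense when it was
# started as root; for any other uid they are left out.
slapd_args() {
    args="-h ${SLAPD_URLS:-ldap://:1389/} -d 0"   # -d keeps slapd in the foreground
    if [ "$1" -eq 0 ]; then
        if [ -n "${SLAPD_USER:-}" ]; then args="$args -u $SLAPD_USER"; fi
        if [ -n "${SLAPD_GROUP:-}" ]; then args="$args -g $SLAPD_GROUP"; fi
    fi
    printf '%s\n' "$args"
}

# Fail early if a directory is missing or not writable by the current
# identity (e.g. the chgrp 0 / chmod 0770 step was skipped for it).
check_writable() {
    for d in "$@"; do
        if [ ! -d "$d" ] || [ ! -w "$d" ]; then
            echo "not writable by $(id -u):$(id -g): $d" >&2
            return 1
        fi
    done
}

start_slapd() {
    check_writable "${SLAPD_DATA_DIR:-/var/lib/ldap}" || exit 1
    # Word splitting of the argument string is intentional here.
    # shellcheck disable=SC2046
    exec slapd $(slapd_args "$(id -u)")
}

# Run only when invoked as: entrypoint.sh run
if [ "${1:-}" = "run" ]; then start_slapd; fi
```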