
Re: (ITS#8786) Allow OpenLDAP to start as non-root



akram.benaissi@gmail.com wrote:
> Full_Name: Akram Ben Aissi
> Version: 1.1.10
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (77.154.204.242)
> 
> 
> Hi,
> 
> We want to run OpenLDAP in containers without root privilege, nor root user id.
> Actually, we start it with user uid=100000009, gid=0
> And we do proper chgrp 0 and chmod 0770 on required directories.
> 
> Because of this: https://github.com/winlibs/openldap/blob/master/servers/slapd/user.c#L158
> 
> we have that:
> Could not set real user id to 100000009
> 
> It would be better to check that setuid is required only if the asked user is
> different from the actual user.
> 
> Does it make sense?

No. Just start slapd without specifying a userID.

Closing this ITS.

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/
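
The check proposed in the report, as an added example (not OpenLDAP's code and not written by either poster): a hypothetical `drop_to()` helper that makes no identity-changing call when the process already runs as the requested uid/gid, and otherwise performs a verified privilege drop. It assumes Linux with glibc and treats euid 0 as the only privileged identity, ignoring capabilities.

```c
#define _DEFAULT_SOURCE            /* for setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* drop_to() is a hypothetical helper written for this example; it is not
 * slapd's code. Returns 0 if the process already has the requested
 * identity, 1 if privileges were dropped, -1 on failure. */
int drop_to(uid_t uid, gid_t gid)
{
    /* Already running as the requested user and group: call nothing.
     * This is the case from the report (container started as a fixed,
     * unprivileged uid that is also the uid asked for). */
    if (getuid() == uid && geteuid() == uid &&
        getgid() == gid && getegid() == gid)
        return 0;

    /* Assumption: only euid 0 may change identity (capabilities ignored). */
    if (geteuid() != 0) {
        fprintf(stderr, "cannot switch to uid %lu: not privileged\n",
                (unsigned long)uid);
        return -1;
    }

    /* Order matters: supplementary groups, then gid, and uid last,
     * because after setuid() the process can no longer change groups. */
    if (setgroups(1, &gid) != 0) { perror("setgroups"); return -1; }
    if (setgid(gid) != 0)        { perror("setgid");    return -1; }
    if (setuid(uid) != 0)        { perror("setuid");    return -1; }

    /* Verify the result, and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0) {
        fprintf(stderr, "privilege drop is reversible\n");
        return -1;
    }
    return 1;
}

int main(void)
{
    /* Constructed input: ask for the identity we already have. */
    int rc = drop_to(getuid(), getgid());
    printf("drop_to(current uid, current gid) = %d\n", rc);
    return rc < 0;
}
```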