
Re: ITS#98 'user' patch for BSD systems

At 04:27 AM 3/12/99 -0800, Kurt D. Zeilenga wrote:
>As far as uid/gid support goes, I'd like to see it modeled after
>named (under FreeBSD at least) -u/-g options.  These allow specification
>of the uid/gid by name or id.  If gid is not specified, then getgroups()
>is used (which opens access to all groups that this uid is in).

named also supports a chroot() sandbox.  This would be another
feature that could be added.  
  slapd -u openldap -g openldap -t ~openldap/sandbox

Of course, getting chroot right is even harder than uid/gid changes.

The uid/gid/root changes may also only be feasible with a subset of
the backends (i.e.: ldbm/bdb2).  For example, back-passwd requires
privileged access to the system password file.  back-perl and back-tcl
also have special requirements.
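
An added sketch (not part of the original message and not OpenLDAP code) of the ordering that the -u/-g/-t proposal above depends on: resolve names while the password and group files are still reachable, set groups, chroot, then drop gid before uid and confirm root cannot be regained. The function names are hypothetical, and using initgroups() to load the user's groups when no -g is given is an assumption of this example.

```c
#define _DEFAULT_SOURCE
#include <ctype.h>
#include <grp.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Resolve a -u argument given as a name or a numeric id; NULL if unknown. */
struct passwd *lookup_user(const char *arg) {
    char *end;
    unsigned long id = strtoul(arg, &end, 10);
    if (isdigit((unsigned char)*arg) && *end == '\0')
        return getpwuid((uid_t)id);
    return getpwnam(arg);
}

/* Resolve a -g argument the same way; 0 on success with *gid set, else -1. */
int lookup_group(const char *arg, gid_t *gid) {
    char *end;
    unsigned long id = strtoul(arg, &end, 10);
    struct group *gr;
    if (isdigit((unsigned char)*arg) && *end == '\0') { *gid = (gid_t)id; return 0; }
    if ((gr = getgrnam(arg)) == NULL) return -1;
    *gid = gr->gr_gid;
    return 0;
}

/* Call as root once privileged setup (port bind, file opens) is finished.
 * group and root may be NULL. Returns 0 on success; on -1 the caller must
 * exit, because the process may be left in a half-dropped state. */
int enter_sandbox(const char *user, const char *group, const char *root) {
    struct passwd *pw = lookup_user(user);
    uid_t uid;
    gid_t gid;
    if (pw == NULL) return -1;
    uid = pw->pw_uid;
    gid = pw->pw_gid;
    if (group != NULL) {
        if (lookup_group(group, &gid) != 0) return -1;
        if (setgroups(1, &gid) != 0) return -1;      /* only the named group */
    } else if (initgroups(pw->pw_name, gid) != 0) {  /* all of the user's groups */
        return -1;
    }
    /* All name lookups are done: /etc/passwd is out of reach after chroot. */
    if (root != NULL && (chroot(root) != 0 || chdir("/") != 0)) return -1;
    /* gid before uid: after setuid() the process may no longer change gid. */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;       /* root must be gone for good */
    return 0;
}
```
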