Re: ITS#98 'user' patch for BSD systems
At 04:27 AM 3/12/99 -0800, Kurt D. Zeilenga wrote:
>As far as uid/gid support goes, I'd like to see it modeled after
>named (under FreeBSD at least) -u/-g options. These allow specification
>of the uid/gid by name or id. If gid is not specificied, then getgroups()
>is used (which opens access to to all groups that this uid is in).
named also supports a chroot() sandbox. This would be another
feature that could be added.
slapd -u openldap -g openldap -t ~openldap/sandbox
Of course, getting chroot right is even harder than uid/gid changes.
The uid/gid/root changes may also only be feasible with a subset of
the backends (i.e., ldbm/bdb2). For example, back-passwd requires
privileged access to the system password file. back-perl and back-tcl
also have special requirements.
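
A sketch of the ordering that makes the uid/gid/chroot change safe, added here as an example; it is not code from this message or from OpenLDAP or named. The function names (drop_privs, resolve_uid, resolve_gid) are hypothetical, a 32-bit uid_t/gid_t is assumed, and initgroups() is used for the "no group given" case the quoted text describes.

```c
#define _DEFAULT_SOURCE 1   /* glibc: expose chroot(), setgroups(), initgroups() */
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
/* Decimal id only: no sign, blanks or trailing junk; (uid_t)-1 and above are
 * refused (assumes a 32-bit uid_t/gid_t). */
static int parse_id(const char *s, unsigned long *out) {
    char *end;
    if (s[0] < '0' || s[0] > '9') return -1;
    errno = 0; *out = strtoul(s, &end, 10);
    return (errno || *end != '\0' || *out >= 0xffffffffUL) ? -1 : 0;
}
/* "By name or id": try the numeric form first, then the passwd/group database. */
int resolve_uid(const char *spec, uid_t *uid) {
    unsigned long n; struct passwd *pw;
    if (parse_id(spec, &n) == 0) { *uid = (uid_t)n; return 0; }
    if ((pw = getpwnam(spec)) == NULL) return -1;
    *uid = pw->pw_uid; return 0;
}
int resolve_gid(const char *spec, gid_t *gid) {
    unsigned long n; struct group *gr;
    if (parse_id(spec, &n) == 0) { *gid = (gid_t)n; return 0; }
    if ((gr = getgrnam(spec)) == NULL) return -1;
    *gid = gr->gr_gid; return 0;
}
/* Order: resolve names, set groups, chroot, then gid, and uid last. */
int drop_privs(const char *user, const char *group, const char *root) {
    uid_t uid; gid_t gid; struct passwd *pw;
    if (resolve_uid(user, &uid) != 0) return -1;
    pw = getpwuid(uid);               /* lookups need /etc before chroot() */
    if (group) {                      /* group given: keep that one group only */
        if (resolve_gid(group, &gid) != 0 || setgroups(1, &gid) != 0) return -1;
    } else {                          /* no group: every group this uid is in */
        if (!pw || initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
        gid = pw->pw_gid;
    }
    if (root && (chroot(root) != 0 || chdir("/") != 0)) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;  /* root must be unrecoverable */
}
int main(int argc, char **argv) {     /* usage: prog user [group [root]] */
    const char *g = argc > 2 ? argv[2] : NULL, *r = argc > 3 ? argv[3] : NULL;
    if (argc < 2 || drop_privs(argv[1], g, r) != 0) return 1;
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Anything the daemon needs after the drop (listening sockets on privileged ports, log and database files) has to be opened before drop_privs() is called or be reachable inside the new root.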