[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: breaking up slap_init_user() for better chroot functionality

I attempted a minimal chroot installation of slapd today which failed due to the following error:
/etc/pwd.db: No such file or directory

After reading through the source for main.c and user.c and the discussions on the devel mailing list about the addition of the chroot feature I'm left wondering if slap_init_user() should be rewritten in two pieces. The first part of slap_init_user() currently does uid and gid lookups in the system databases and the second part drops privilege. If broken up, the first part could then be called before the chroot allowing for chroot installs without having to copy /etc/pwd.db to ${CHROOTDIR}/etc/pwd.db.

If all you want to do is avoid -u/-g from accessing passwd/group files in the chroot environment, simply do: slapd -u `id -u ldap` -g `id -g ldap` -r ~ldap

No need to change long established command line semantics.


I tried that before I read the source. If given the uid the code calls getpwuid() instead of getpwnam(), still requiring access to /etc/pwd.db.

Why do you think the suggested split would change command line semantics?