[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unable to change local socket permissions...

That code is deprecated and should be removed; essentially, because most of the UN*X flavors simply ignore socket permissions, and the few that do require "write" to operate the socket (i.e., execute, write, read). The appropriate approach to using sockets is placing them in a specific directory, and use the directory permissions to limit access to the socket. This should be taken care of by system administrators, and not by OpenLDAP code.


mitrohin a.s. wrote:


ldapi:///????!x-mod=0777 unsupported now?

openldap-2.2.27 "servers/slapd/daemon.c" line 891

       switch ( (*sal)->sa_family ) {
       case AF_LOCAL: {
               char *addr = ((struct sockaddr_un *)*sal)->sun_path;
#if 0 /* don't muck with socket perms */
               if ( chmod( addr, l.sl_perms ) < 0 && crit ) {
                       int err = sock_errno();
                       LDAP_LOG( CONNECTION, INFO,
                               "slap_open_listener: fchmod(%ld) failed errno=%d (%s)\n",
                               (long)l.sl_sd, err, sock_errstr(err) );
                       Debug( LDAP_DEBUG_ANY, "daemon: fchmod(%ld) failed errno=%d (%s)",
                              (long) l.sl_sd, err, sock_errstr(err) );
                       tcp_close( l.sl_sd );
                       return -1;
               l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
               l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
               snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1,
                               "PATH=%s", addr );
       } break;
#endif /* LDAP_PF_LOCAL */



SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497