Re: Running slapd as a non-root user
--On Thursday, January 31, 2008 8:50 AM +1100 Dave Horsfall

> On Wed, 30 Jan 2008, Bill Sterns wrote:
>
>> I'm currently running OpenLDAP 2.4.6 using SSL/TLS via OpenSSL 0.9.8b
>> and Berkeley DB 4.6.21, which I built and installed from source as root.
>> I'd like to be able to run slapd as a non-root user, as I've seen other
>> packaged OpenLDAP distributions do in the past. However, when I try to
>> run it as a non-root user, OpenLDAP does not have permission to access
>> various things, such as slapd.conf, the back-end database files, and the
>> directory to create its pid file when it starts up. I've tinkered with
>> the file/group ownership and permissions for these files, and I've
>> managed to get it running as a non-root user, but I'm not sure if this
>> is the ideal way to do it. Is there a recommended way to do this?
>
> Start it as root, and use the "-u" and "-g" flags; this is the
> recommended (if not the only) way to do it.

His example clearly shows he's already using -u, so I'm guessing this was
already figured out.

But yes, the "user/group" slapd will run as must have the correct
permissions to read what it needs to read, so setting those bits readable
would be the correct thing to do.
Principal Software Engineer
Zimbra :: the leader in open source messaging and collaboration
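
The permission requirement discussed in this thread can be checked before slapd is restarted. The following is an added example, not part of the original messages and not OpenLDAP code: it reports which path would block a given uid/gid set from slapd.conf, the database directory or the pid directory, including a parent directory that lacks search permission. The function names, the script name and the `PATH:BITS` argument format are assumptions, and only plain mode bits are evaluated (no ACLs, capabilities or uid 0 bypass).

```python
import grp, os, pwd, sys

# Assumption: plain mode bits only; POSIX ACLs, capabilities and uid 0 are not modelled.
BIT = {"r": 4, "w": 2, "x": 1}

def class_bits(st, uid, gids):
    """rwx bits (0-7) that apply to this identity: owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def denied(path, uid, gids, want, start="/"):
    """Return the first (blocking_path, missing_bits) on the way to path, or None.

    Each directory from start down to path's parent needs search (x) permission;
    path itself needs every bit in want. path is assumed to lie below start.
    """
    path, start = os.path.abspath(path), os.path.abspath(start)
    rel = os.path.relpath(os.path.dirname(path), start)
    chain, cur = [start], start
    for part in ([] if rel == "." else rel.split(os.sep)):
        cur = os.path.join(cur, part)
        chain.append(cur)
    for p, need in [(d, "x") for d in chain] + [(path, want)]:
        bits = class_bits(os.stat(p), uid, gids)
        missing = "".join(c for c in need if not bits & BIT[c])
        if missing:
            return (p, missing)
    return None

def audit(requirements, uid, gids, start="/"):
    """requirements maps path -> needed bits; returns [(path, blocker, missing)]."""
    findings = []
    for path, want in requirements.items():
        hit = denied(path, uid, gids, want, start)
        if hit:
            findings.append((path,) + hit)
    return findings

if __name__ == "__main__":
    # Usage (hypothetical script name): audit.py USER PATH:BITS [PATH:BITS ...]
    pw = pwd.getpwnam(sys.argv[1])
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if pw.pw_name in g.gr_mem}
    reqs = dict(arg.rsplit(":", 1) for arg in sys.argv[2:])
    for path, blocker, missing in audit(reqs, pw.pw_uid, gids):
        print(f"{path}: {pw.pw_name} lacks '{missing}' on {blocker}")
```

Typical requirements are `r` on slapd.conf, `rwx` on the database directory and `wx` on the directory that holds the pid file; an empty result means the mode bits alone do not block that account.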