Re: Running slapd as a non-root user

--On Thursday, January 31, 2008 8:50 AM +1100 Dave Horsfall <daveh@coreng.com.au> wrote:

> On Wed, 30 Jan 2008, Bill Sterns wrote:
>
>> I'm currently running OpenLDAP 2.4.6 using SSL/TLS via OpenSSL 0.9.8b
>> and Berkeley DB 4.6.21, which I built and installed from source as root.
>> I'd like to be able to run slapd as a non-root user, as I've seen other
>> packaged OpenLDAP distributions do in the past. However, when I try to
>> run it as a non-root user, OpenLDAP does not have permission to access
>> various things, such as slapd.conf, the back-end database files, and the
>> directory to create its pid file when it starts up. I've tinkered with
>> the file/group ownership and permissions for these files, and I've
>> managed to get it running as a non-root user, but I'm not sure if this
>> is the ideal way to do it. Is there a recommended way to do this?
>
> Start it as root, and use the "-u" and "-g" flags; this is the recommended (if not the only) way to do it.

His example clearly shows he's already using -u, so I'm guessing this was already figured out.

But yes, the "user/group" slapd will run as must have the correct permissions to read what it needs to read, so setting those bits readable would be the correct thing to do.



Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
Zimbra ::  the leader in open source messaging and collaboration
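
The permission requirement discussed in this thread, as an added example that is not part of the original messages: a POSIX shell check (GNU `stat` assumed) that works out from ownership and mode bits whether the account slapd runs as can read its configuration and use its database and pid directories. The function names, the account name and the paths are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative; the
# account and paths passed in are placeholders for your own installation.

# mode_allows UID "GID LIST" PATH PERM  -> 0 if the mode bits grant PERM (r|w|x).
# Only owner/group/other bits are evaluated; ACLs and root's override are ignored.
mode_allows() {
    uid=$1 gids=" $2 " path=$3 perm=$4
    info=$(stat -c '%u %g %a' "$path" 2>/dev/null) || return 2
    set -- $info
    owner=$1 group=$2 mode=$((0$3))          # %a is octal, e.g. 640
    case $perm in r) bit=4 ;; w) bit=2 ;; x) bit=1 ;; *) return 2 ;; esac
    if [ "$uid" -eq "$owner" ]; then
        shift_by=6                           # owner bits apply, even if weaker
    elif case $gids in *" $group "*) true ;; *) false ;; esac; then
        shift_by=3                           # member of the owning group
    else
        shift_by=0                           # everyone else
    fi
    [ $(( (mode >> shift_by) & bit )) -ne 0 ]
}

# audit_slapd_paths USER CONF DBDIR RUNDIR
# Prints one line per missing permission and returns the number of failures.
audit_slapd_paths() {
    a_uid=$(id -u "$1") && a_gids=$(id -G "$1") || return 255
    fails=0
    # slapd must read its config, read/write/traverse the database directory,
    # and create its pid file in the run directory.
    for check in "r:$2" "r:$3" "w:$3" "x:$3" "w:$4" "x:$4"; do
        if ! mode_allows "$a_uid" "$a_gids" "${check#*:}" "${check%%:*}"; then
            echo "FAIL: $1 lacks ${check%%:*} on ${check#*:}"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Usage (placeholders): audit_slapd_paths SLAPD_USER /path/to/slapd.conf \
#                       /path/to/db-directory /path/to/pid-directory
```

The check looks only at each path's own mode bits; every parent directory also needs the execute bit for that account. Granting read on slapd.conf through the group slapd runs as, rather than to "other", keeps a rootpw line in that file away from unrelated local users.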