RE: Running slapd as a non-root user

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Wednesday, January 30, 2008 6:48 PM -0600 Bill Sterns 
<mrbill321@hotmail.com> wrote:

> I've tried using the -u option by itself, and I've tried the -u and -g
> together, but it still does not work. Also, I'm specifying 10636 as the
> port, so the non-root user should be able to listen on it without any
> problems. The problem seems to be that when OpenLDAP is installed as
> root, the configuration and database files are owned by root and are not
> viewable if you're not root. For example, here's the permissions on
> slapd.conf after the installation:


All of this applies to what I wrote below.  The user *must* be able to read 
the database, conf files, etc.  Period.  If you've set it root only, then 
you haven't configured things right.

> > But yes, the "user/group" slapd will run as must have the correct
> > permissions to read what it needs to read, so setting those bits
> > readable  would be the correct thing to do.

--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration