[Date Prev][Date Next] [Chronological] [Thread] [Top]

how to change the umask of dbd fies by slapd

Hello. I run a backup script on hdb backended slapd. The backup script
which uses slapcat, for security reasons, does not run as user
'openldap' but as 'backup', which is a user of the openldap group. At
first the script couldn't work because all dbd files are owned by
openldap:openldap with permission 600. I changed to 660 then it works.

However the new files created by slapd in bdb directory is still 600.
Since the default umask on the system is 022 (file permission should be
644), it's clear slapd did not follow the default umask, then I think
changing umask before launching slapd wouldn't work neither. I RTFM
(slapd) and didn't find a way to control umask for BDB files.

Is my approach of doing the backup wrong, or are there other ways to
control default umask for bdb files for slapd?

Thanks. I searched the f*** web before posting.