[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP log file ownership getting modified automatically.

To: "Prashanth P.Nair" <prashanthppp@gmail.com>
Subject: Re: OpenLDAP log file ownership getting modified automatically.
From: Brian Reichert <reichert@numachi.com>
Date: Thu, 31 Mar 2016 10:50:41 -0400
Cc: Brian Reichert <reichert@numachi.com>, openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <CAH4BzzKBSN+kVW97_T39bq3W2kyZWNK1xuNfk14mE=0XPR9=0Q@mail.gmail.com>
References: <CAH4BzzKf+6onP7rA+u+ei0AZ-Y8_iBQXzu3nMTrNnabu52FE7A@mail.gmail.com> <20160329182009.GH76402@numachi.com> <CAH4BzzLEtp84nsnx3zXir8Xk=oW=aB6oJBMZs0NWKh0eE11yRQ@mail.gmail.com> <20160331141049.GL76402@numachi.com> <CAH4BzzKBSN+kVW97_T39bq3W2kyZWNK1xuNfk14mE=0XPR9=0Q@mail.gmail.com>
User-agent: Mutt/1.5.9i

On Thu, Mar 31, 2016 at 04:31:42PM +0200, Prashanth P.Nair wrote:
> On Thu, Mar 31, 2016 at 4:10 PM, Brian Reichert <reichert@numachi.com>
> wrote:
> 
> > On Wed, Mar 30, 2016 at 05:48:56PM +0200, Prashanth P.Nair wrote:
> > > Thanks Brian
> > >
> > > Yes.i have back up script which runs as root. But it stores the back file
> > > in different location .
> >
> > That script looks safe, but you didn't answer my other question:
> >
> > > > Does that node run any of the db_checkpoint utilities as a user
> > > > other than your openldap UID?
> >
> > Thanks Brian.
> 
> Could you  please let me know how that can be checked?

I have no way of knowing what sort of administrative tooling you
may have on your systems.

In my specific case, I was running a CentOS 5-based system. This
distribution had a version of OpenLDAP that was compiled against a
private copy of the Berkeley database library.

I had a home-rolled backup cronjob that ran these utilities:

  /usr/sbin/slapd_db_checkpoint
  /usr/sbin/slapd_db_archive

but did so as 'root', not as slapd's UID. Once in a great while,
this would result in a transaction log owned by root, and slapd
would fail.

-- 
Brian Reichert				<reichert@numachi.com>
BSD admin/developer at large

Follow-Ups:
- Re: OpenLDAP log file ownership getting modified automatically.
  - From: Michael Ströder <michael@stroeder.com>

References:
- OpenLDAP log file ownership getting modified automatically.
  - From: "Prashanth P.Nair" <prashanthppp@gmail.com>
- Re: OpenLDAP log file ownership getting modified automatically.
  - From: Brian Reichert <reichert@numachi.com>
- Re: OpenLDAP log file ownership getting modified automatically.
  - From: "Prashanth P.Nair" <prashanthppp@gmail.com>
- Re: OpenLDAP log file ownership getting modified automatically.
  - From: Brian Reichert <reichert@numachi.com>

Prev by Date: Re: OpenLDAP log file ownership getting modified automatically.
Next by Date: Re: CSN is matching but entries count differs in master and slaves
Index(es):
- Chronological
- Thread