Re: OpenLDAP log file ownership getting modified automatically.

["Prashanth P.Nair" <prashanthppp@gmail.com>]

On Thu, Mar 31, 2016 at 4:50 PM, Brian Reichert <reichert@numachi.com> wrote:

On Thu, Mar 31, 2016 at 04:31:42PM +0200, Prashanth P.Nair wrote:
> On Thu, Mar 31, 2016 at 4:10 PM, Brian Reichert <reichert@numachi.com>
> wrote:
>
> > On Wed, Mar 30, 2016 at 05:48:56PM +0200, Prashanth P.Nair wrote:
> > > Thanks Brian
> > >
> > > Yes.i have back up script which runs as root. But it stores the back file
> > > in different location .
> >
> > That script looks safe, but you didn't answer my other question:
> >
> > > > Does that node run any of the db_checkpoint utilities as a user
> > > > other than your openldap UID?
> >
> > Thanks Brian.
>
> Could you  please let me know how that can be checked?

I have no way of knowing what sort of administrative tooling you
may have on your systems.

In my specific case, I was running a CentOS 5-based system. This
distribution had a version of OpenLDAP that was compiled against a
private copy of the Berkeley database library.

I had a home-rolled backup cronjob that ran these utilities:

  /usr/sbin/slapd_db_checkpoint
  /usr/sbin/slapd_db_archive

but did so as 'root', not as slapd's UID. Once in a great while,
this would result in a transaction log owned by root, and slapd
would fail.

I dont find any db utilites running..

Am running ldap on debian machine . and i have below db utilities.But its not running at all.

+++-=======================-================-================-====================================================

ii  db4.8-util              4.8.30-2         amd64            Berkeley v4.8 Database Utilities

-rwxr-xr-x 1 root root   8088 Aug 30  2010 /usr/bin/db4.8_archive

-rwxr-xr-x 1 root root   9896 Aug 30  2010 /usr/bin/db4.8_checkpoint

-rwxr-xr-x 1 root root  10136 Aug 30  2010 /usr/bin/db4.8_deadlock

-rwxr-xr-x 1 root root  12376 Aug 30  2010 /usr/bin/db4.8_dump

-rwxr-xr-x 1 root root  17200 Aug 30  2010 /usr/bin/db4.8_hotbackup

-rwxr-xr-x 1 root root  23432 Aug 30  2010 /usr/bin/db4.8_load

-rwxr-xr-x 1 root root  67440 Aug 30  2010 /usr/bin/db4.8_printlog

-rwxr-xr-x 1 root root   9928 Aug 30  2010 /usr/bin/db4.8_recover

-rwxr-xr-x 1 root root 119224 Aug 30  2010 /usr/bin/db4.8_sql

-rwxr-xr-x 1 root root  10944 Aug 30  2010 /usr/bin/db4.8_stat

-rwxr-xr-x 1 root root   8760 Aug 30  2010 /usr/bin/db4.8_upgrade

-rwxr-xr-x 1 root root   9240 Aug 30  2010 /usr/bin/db4.8_verify 

--
Brian Reichert                          <reichert@numachi.com>
BSD admin/developer at large