[Pkg-openldap-devel] Bug#402705: slapd: Runnin postinst chown -R'd /var/run to openldap:openldap

Manoj Srivastava srivasta at debian.org
Tue Dec 12 08:58:28 CET 2006 

Package: slapd
Version: 2.3.30-1
Severity: critical

        Why is it critical? well sshd fails to restart saying that
 /var/run/sshd needs to be owned by root; inn did not restart, and
 neither did postgresql.  All kinds of unrelated software broke when
 this happens.

        I can reproduce at will by running as root:
 bash -x /var/lib/dpkg/info/slapd.postinst configure

        I debugged it to the point where one part of the script was
 writing to file descriptor 9 for a Perl script to read to psit out
 where the database dir was, and realized this is a bit much to be
 debugging at 2am while trying to ensure my machine reovers from this.

__> sudo grep '^directory' /etc/ldap/slapd.conf
directory       "/var/lib/ldap"


        I don't really use ldap anymore, so I am on the verge of
 purging this, but I'll keep it installed long enough to help debug
 this issue.

        manoj

__> bash -x /var/lib/dpkg/info/slapd.postinst configure 
+ set -e
+ . /usr/share/debconf/confmodule
++ '[' '!' '' ']'
++ PERL_DL_NONLAZY=1
++ export PERL_DL_NONLAZY
++ '[' '' ']'
++ exec /usr/share/debconf/frontend /var/lib/dpkg/info/slapd.postinst configure
  Omitting slapd configuration as requested.
Starting OpenLDAP: slapd.
__> ll /var/run
total 500
 8 drwxr-xr-x 47 openldap openldap 4096 2006-12-12 01:17 .
 8 drwxr-xr-x 20 root     root     4096 2006-12-12 01:42 ..
 0 srw-rw-rw-  1 openldap openldap    0 2006-12-08 00:04 acpid.socket
 8 drwxr-xr-x  2 openldap openldap 4096 2006-10-23 00:02 alsa
 4 drwxr-xr-x  2 openldap openldap 4096 2006-12-12 00:52 apache2
 4 -rw-r--r--  1 openldap openldap    5 2006-12-12 00:58 apache2.pid
 8 drwxr-xr-x  2 openldap openldap 4096 2006-12-10 07:16 apt-proxy
 4 -rw-r--r--  1 openldap openldap    5 2006-12-08 00:05 arpwatch-lan0.pid
 4 -rw-r--r--  1 openldap openldap    5 2006-12-08 00:05 atd.pid
 8 drwxr-xr-x  2 openldap openldap 4096 2006-12-08 00:04 autofs
 8 drwxr-xr-x  2 openldap openldap 4096 2006-12-08 00:04 avahi-daemon
 8 drwxr-xr-x  3 openldap openldap 4096 2002-11-14 22:13 bind
 8 drwxr-xr-x  2 openldap openldap 4096 2006-11-28 09:25 checksecurity
 8 drwxrwxr-x  2 openldap openldap 4096 2006-12-08 00:04 clamav
 8 drwxr-xr-x  3 openldap openldap 4096 2006-12-08 00:04 courier
 8 drwxr-xr-x  3 openldap openldap 4096 2003-09-04 17:27 Crack
 4 -rw-r--r--  1 openldap openldap    5 2006-12-08 00:05 crond.pid
 0 ----------  1 openldap openldap    0 2006-12-08 00:05 crond.reboot
 8 drwxr-xr-x  3 openldap openldap 4096 2006-12-11 07:38 cups
 8 drwxr-xr-x  2 openldap openldap 4096 2006-12-08 00:04 dbus
 4 -rw-r--r--  1 openldap openldap    5 2006-12-08 00:05 dhcpd.pid
 4 -rw-r--r--  1 openldap openldap    5 2006-12-08 00:04 dictd.pid
   ....

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2-mh7-skas3-v9-pre9
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)

Versions of packages slapd depends on:
ii  adduser                   3.100          Add and remove users and groups
ii  coreutils                 5.97-5.2       The GNU core utilities
ii  debconf [debconf-2.0]     1.5.9          Debian configuration management sy
ii  libc6                     2.3.6.ds1-9    GNU C Library: Shared libraries
ii  libdb4.2                  4.2.52+dfsg-1  Berkeley v4.2 Database Libraries [
ii  libiodbc2                 3.52.4-3       iODBC Driver Manager
ii  libldap-2.3-0             2.3.30-1       OpenLDAP libraries
ii  libltdl3                  1.5.22-4       A system independent dlopen wrappe
ii  libperl5.8                5.8.8-7        Shared Perl library
ii  libsasl2-2                2.1.22.dfsg1-7 Authentication abstraction library
ii  libslp1                   1.2.1-6        OpenSLP libraries
ii  libssl0.9.8               0.9.8c-4       SSL shared libraries
ii  libwrap0                  7.6.dbs-11     Wietse Venema's TCP wrappers libra
ii  perl [libmime-base64-perl 5.8.8-7        Larry Wall's Practical Extraction 
ii  psmisc                    22.3-1         Utilities that use the proc filesy

Versions of packages slapd recommends:
ii  libsasl2-modules          2.1.22.dfsg1-7 Pluggable Authentication Modules f

-- debconf information:
  slapd/ldif_noexist:
* shared/organization: green-gryphon.com
  slapd/unknown_class:
* slapd/allow_ldap_v2: false
* slapd/fill_method: auto
  slapd/no_password:
  slapd/slurpd/binddn:
  slapd/ldif_file:
  slapd/slave_databases_require_updateref:
* slapd/dump_database_destdir: /var/backups/slapd-VERSION
* slapd/domain: green-gryphon.com
  slapd/password_mismatch:
* slapd/invalid_config: false
  slapd/upgrade_slapadd_failure:
  slapd/custom_suffix:
* slapd/dump_database: when needed
  slapd/migrate_ldbm_to_bdb: false
  slapd/internal/admin: cn=admin,dc=green-gryphon,dc=com
* slapd/purge_database: false
  slapd/admin:
* slapd/fix_directory: true
* slapd/conf_exists:
  slapd/upgrade_slapcat_failure:
  shared/locale/countrycode:
* slapd/backend: BDB
* slapd/no_configuration: true
* slapd/move_old_database: true
  slapd/suffix_change: false
  slapd/invalid_suffix: false
  slapd/slurpd/port: 389
* slapd/suffix_type: domain or host
  slapd/autoconf_modules: true
* slapd/replicate: false
  slapd/internal/dn: dc=green-gryphon,dc=com
  slapd/slurpd/host:

-- 
"Nature is very un-American.  Nature never hurries." William George
Jordan
Manoj Srivastava <srivasta at acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

More information about the Pkg-openldap-devel mailing list