[Pkg-openldap-devel] Bug#432662: Bug#432662: Bug#432662: slapd.conf group not openldap

Russ Allbery rra at debian.org
Mon Nov 12 01:19:48 UTC 2007


Steve Langasek <vorlon at debian.org> writes:
> On Wed, Jul 11, 2007 at 06:56:15PM +1000, Trent W. Buck wrote:

>> slapd runs as the user openldap, so naturally I tried 

>>     $ sudo -u openldap slapindex
>>     could not open config file "/etc/ldap/slapd.conf": Permission denied (13)
>>     slapindex: bad configuration file!

>> I check the config file:

>>     $ ls -l /etc/ldap/slapd.conf
>>     -rw------- 1 root root 4366 2007-07-11 18:37 /etc/ldap/slapd.conf

>> In #ldap on irc.freenode.net, _ranger_ told me that this file should be

>>     -rw-r----- 1 root openldap 4366 2007-07-11 18:37 /etc/ldap/slapd.conf

>> This wouldn't be a problem if slapd ran as root, but apparently it
>> runs as the user openldap by default.

> Right, this is a bug; openldap needs to take care that the slapd.conf
> file is created with permissions that allow reading by the openldap
> user.

We actually patch slapd to read the configuration file before dropping
privileges.  If we change the permissions on slapd.conf so that it's
group-readable by openldap, we could also drop that patch, correct?  I'd
like to do that, to reduce divergence from upstream.

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>
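
An added example, not part of the original message or of the Debian package: a POSIX shell check for the ownership and mode quoted in the thread (`-rw-r----- root openldap`), so that a process running as the openldap user can read the file while other users cannot. The function name `check_conf_perms` is hypothetical, and GNU `stat` (coreutils) is assumed.

```shell
#!/bin/sh
# Added example: audit a config file such as /etc/ldap/slapd.conf, which can
# hold credentials (e.g. rootpw), against the layout quoted in the thread.
# Usage: check_conf_perms FILE [OWNER] [GROUP]   (defaults: root, openldap)
# Returns 0 if compliant, 1 if any check fails, 2 if FILE is unusable.
# check_conf_perms is a hypothetical name; GNU stat is assumed.

check_conf_perms() {
    file=$1
    want_owner=${2:-root}
    want_group=${3:-openldap}
    rc=0

    [ -f "$file" ] || { echo "$file: not a regular file" >&2; return 2; }

    mode=$(stat -c %a "$file")     # octal mode, e.g. 640
    owner=$(stat -c %U "$file")    # owner name
    group=$(stat -c %G "$file")    # group name
    m=$((0$mode))                  # leading 0 makes the shell parse it as octal

    [ "$owner" = "$want_owner" ] || {
        echo "$file: owner is $owner, expected $want_owner" >&2; rc=1; }
    [ "$group" = "$want_group" ] || {
        echo "$file: group is $group, expected $want_group" >&2; rc=1; }

    # Group read (0040) must be set, otherwise a process in that group gets
    # "Permission denied" once it no longer runs as root.
    [ $((m & 0040)) -ne 0 ] || {
        echo "$file: mode $mode is not group-readable" >&2; rc=1; }

    # Group write/execute and any access for others (0037) must be clear.
    [ $((m & 0037)) -eq 0 ] || {
        echo "$file: mode $mode grants more than group read" >&2; rc=1; }

    return $rc
}
```

To correct a failing file, `chown root:openldap` followed by `chmod 0640` produces the layout the check expects.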




