Steve Langasek <[EMAIL PROTECTED]> writes: > On Wed, Jul 11, 2007 at 06:56:15PM +1000, Trent W. Buck wrote:
>> slapd runs as the user openldap, so naturally I tried >> $ sudo -u openldap slapindex >> could not open config file "/etc/ldap/slapd.conf": Permission denied (13) >> slapindex: bad configuration file! >> I check the config file: >> $ ls -l /etc/ldap/slapd.conf >> -rw------- 1 root root 4366 2007-07-11 18:37 /etc/ldap/slapd.conf >> In #ldap on irc.freenode.net, _ranger_ told me that this file should be >> -rw-r----- 1 root openldap 4366 2007-07-11 18:37 /etc/ldap/slapd.conf >> This wouldn't be a problem if slapd ran as root, but apparently it >> runs as the user openldap by default. > Right, this is a bug; openldap needs to take care that the slapd.conf > file is created with permissions that allow reading by the openldap > user. We actually patch slapd to read the configuration file before dropping privileges. If we change the permissions on slapd.conf so that it's group-readable by openldap, we could also drop that patch, correct? I'd like to do that, to reduce divergence from upstream. -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
