On Sun, Nov 11, 2007 at 05:19:48PM -0800, Russ Allbery wrote:
> Steve Langasek <[EMAIL PROTECTED]> writes:
> > On Wed, Jul 11, 2007 at 06:56:15PM +1000, Trent W. Buck wrote:

> >> slapd runs as the user openldap, so naturally I tried

> >> $ sudo -u openldap slapindex
> >> could not open config file "/etc/ldap/slapd.conf": Permission denied
> >> (13)
> >> slapindex: bad configuration file!

> >> I check the config file:

> >> $ ls -l /etc/ldap/slapd.conf
> >> -rw------- 1 root root 4366 2007-07-11 18:37 /etc/ldap/slapd.conf

> >> In #ldap on irc.freenode.net, _ranger_ told me that this file should be

> >> -rw-r----- 1 root openldap 4366 2007-07-11 18:37 /etc/ldap/slapd.conf

> >> This wouldn't be a problem if slapd ran as root, but apparently it
> >> runs as the user openldap by default.

> > Right, this is a bug; openldap needs to take care that the slapd.conf
> > file is created with permissions that allow reading by the openldap
> > user.

> We actually patch slapd to read the configuration file before dropping
> privileges. If we change the permissions on slapd.conf so that it's
> group-readable by openldap, we could also drop that patch, correct? I'd
> like to do that, to reduce divergence from upstream.

Sounds right to me.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
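
The permission outcome discussed in this thread, as an added example that is not part of the original messages: a shell sketch of the classic owner/group/other read check for a given uid and gid list. It assumes GNU `stat`, ignores ACLs and MAC policy, and the function names `read_class` and `can_read` are hypothetical.

```shell
#!/bin/sh
# Added example: classic owner/group/other read check (ignores ACLs and MAC).
# Needs GNU stat. Function names are hypothetical.

# read_class FILE UID "GID ..." -> prints which permission class applies
read_class() {
    f_uid=$(stat -c %u "$1") || return 2
    f_gid=$(stat -c %g "$1") || return 2
    if [ "$2" -eq "$f_uid" ]; then echo owner; return 0; fi
    for g in $3; do
        if [ "$g" -eq "$f_gid" ]; then echo group; return 0; fi
    done
    echo other
}

# can_read FILE UID "GID ..." -> exit 0 if that class has its read bit set
can_read() {
    if [ "$2" -eq 0 ]; then return 0; fi      # root bypasses mode bits
    mode=$(stat -c %a "$1") || return 2       # octal, e.g. 600 or 640
    class=$(read_class "$1" "$2" "$3") || return 2
    case $class in
        owner) bit=0400 ;;
        group) bit=0040 ;;
        *)     bit=0004 ;;
    esac
    [ $(( 0$mode & $bit )) -ne 0 ]
}

# Path and account name are the ones from the thread; skipped if absent.
conf=/etc/ldap/slapd.conf
if [ -e "$conf" ] && id openldap >/dev/null 2>&1; then
    if can_read "$conf" "$(id -u openldap)" "$(id -G openldap)"; then
        echo "openldap can read $conf"
    else
        echo "openldap cannot read $conf: check owner, group and mode"
    fi
fi
```

With the first listing in the thread (`root root`, `-rw-------`) the openldap account falls into the `other` class, which has no read bit; with the second (`root openldap`, `-rw-r-----`) it falls into `group` and can read, while accounts outside that group still cannot.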