On Fri, 2002-08-16 at 18:05, Joe Tseng wrote:
>
> # service ldap start
> Starting slapd: /etc/openldap/slapd.conf: Permission denied
> [FAILED]
>
> I had my permissions for slapd.conf set to 700 per recommendations from a
> book

Red Hat's security is better than the book's recommendation :) Red Hat's init script runs the slapd daemon as the "ldap" user. As that user, it has read access to the slapd.conf file.

> and the owner was set to root; this message goes away if I change it to
> 740

Exactly. You have observed that the default configuration works properly. Logical conclusion: Don't change the default configuration ;)

> I also do not get any messages if I run "slapd -f slapd.conf" from the
> command line.

In that case, you're running it as root.

> Anyone have any ideas why this occurs? I thought init scripts
> were always run as root.

The init scripts are, but they have the capability of running the daemon as another user. That is the case with slapd. It runs as a non-root user, because it doesn't need root access to anything.

> Also I have my rootpw in slapd.conf encrypted. Would this be acceptable if
> my permissions were 740?

Yes, it is. Changing permissions to 0740 only grants read access to the "ldap" group. Unless you've added untrusted users to the LDAP group, it will only be readable by the slapd daemon.
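
The permission check discussed in this thread, as an added example that is not part of the original messages: it evaluates the owner/group/other mode bits for a daemon that drops root, and flags a config that the daemon cannot read or that is world-readable. The function names (`can_read`, `audit_conf`, `audit_file`) are hypothetical, the file is assumed to be owned by root with group "ldap" as the thread describes, and `audit_file` assumes GNU `stat -c` and `id -Gn`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# can_read MODE OWNER GROUP USER "USER_GROUPS"
# Classic Unix check: root bypasses the mode bits; otherwise only the first
# matching class (owner, then group, then other) is consulted.
can_read() {
    mode=$((0$1)); owner=$2; group=$3; user=$4; ugroups=$5
    if [ "$user" = root ]; then return 0; fi
    if [ "$user" = "$owner" ]; then
        [ $((mode & 0400)) -ne 0 ]; return
    fi
    for g in $ugroups; do
        if [ "$g" = "$group" ]; then
            [ $((mode & 0040)) -ne 0 ]; return
        fi
    done
    [ $((mode & 0004)) -ne 0 ]
}

# audit_conf MODE OWNER GROUP DAEMON_USER "DAEMON_GROUPS"
# Prints: daemon-cannot-read | world-readable | ok
audit_conf() {
    if ! can_read "$@"; then echo daemon-cannot-read
    elif [ $((0$1 & 0004)) -ne 0 ]; then echo world-readable
    else echo ok; fi
}

# audit_file PATH DAEMON_USER: same verdict for a real file.
# Assumes GNU stat (-c) and id (-Gn), as shipped on Red Hat systems.
audit_file() {
    info=$(stat -c '%a %U %G' "$1") || return 2
    # Word splitting of $info into mode/owner/group is intended.
    set -- $info "$2"
    audit_conf "$1" "$2" "$3" "$4" "$(id -Gn "$4")"
}

# Constructed cases mirroring the thread: file is root:ldap.
for m in 700 740 744; do
    printf '%s root:ldap, daemon runs as ldap -> %s\n' "$m" \
        "$(audit_conf "$m" root ldap ldap ldap)"
done
printf '700 root:ldap, slapd started as root -> %s\n' \
    "$(audit_conf 700 root ldap root root)"
```

On a live system, `audit_file /etc/openldap/slapd.conf ldap` applies the same check to the actual file.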