Re: (ITS#5166) Wrong DBD's database permissions when slapd starts
OK.
Pierangelo Masarati is right all the way.
I'm not using the latest release. I'm using the one that Debian provides.
C programming doesn't 'chroot's, it 'setuid();'s. My mistake. Sorry.
I'm not into the internals of openldap, but Pierangelo sure is and
setuid() **before** reading the configuration files makes sense (which
reminds me I should 'chown' those too), so I was far off.
But, one issue remains:
When I deleted the files,
    /etc/init.d/slapd start
    /etc/init.d/slapd stop
    slapd -l base.ldif
    /etc/init.d/slapd start
ldapdelete failed again with the same error: (80) entry index
delete failed
After testing, I think the problem is with slapadd.
The above command (slapd -l base.ldif) created one 'objectClass.bdb'
file owned by root:root.
After chown'ing that bdb file all works again.
Furthermore, if one skips the slapd start/stop steps, slapadd populates
the database dir and all created files are owned by root.
Is this a bug or not? Shouldn't 'slapadd' setuid();?
One workaround is issuing 'sudo -u openldap slapadd ...' to avoid
chown'ing afterwards.
Oh, and yes Pierangelo, I make mistakes. Lots of them, unfortunately,
like many users. But I try not to post them in Bug reports ;)
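
An ownership check for the failure described in the message above, added here as an example and not part of the original post or of OpenLDAP: it lists every file under a database directory that the slapd runtime account does not own, such as a root-owned objectClass.bdb. The function names and the directory path in the usage comment are assumptions; the account name `openldap` is the one used in the message.

```shell
#!/bin/sh
# Added example: find database files the slapd runtime account cannot own-write,
# e.g. files created by running a database tool as root.
# Usage (placeholder path, take the real one from your slapd configuration):
#   sh check_db_owner.sh /path/to/ldap/db openldap

# Print every path under directory $1 not owned by user $2 (name or numeric uid).
list_foreign_files() {
    find "$1" ! -user "$2" -print
}

# Return 0 if everything under $1 is owned by $2, 1 if some file is not,
# 2 if $1 is not a directory. Offending paths are written to stderr.
check_db_ownership() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    bad=$(list_foreign_files "$dir" "$owner")
    if [ -n "$bad" ]; then
        echo "not owned by $owner:" >&2
        echo "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Run the check only when a directory and an owner were given on the command line.
if [ "$#" -ge 2 ]; then
    check_db_ownership "$1" "$2"
fi
```

Running it after any offline load and before starting the daemon catches the mismatch before ldapdelete or another write operation fails on an index file.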