[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#5356) Catching index ownership errors

To: openldap-its@OpenLDAP.org
Subject: (ITS#5356) Catching index ownership errors
From: rra@stanford.edu
Date: Thu, 7 Feb 2008 06:22:12 GMT

Full_Name: Russ Allbery
Version: 2.4.7
OS: Debian GNU/Linux
URL: 
Submission from: (NULL) (171.66.157.16)


One of the most common problems we see in Debian with people new to OpenLDAP is
that they run slapindex as root when they're running their directory server as a
non-root user and hence break the file ownership and the database.

Would it be possible to add a check in slapindex where, if slapindex is running
as root and the database files are owned by a different user, it would either
refuse to run (possibly overideable by a flag) or at least print a warning
saying that ownership may have to be fixed later?

One possible problem, I know, is that the names of the database files are a
matter for the database backend and slapindex really shouldn't know what they
are.  But maybe the check could somehow be added to back-bdb and back-hdb and
exposed for slapindex to use?

Prev by Date: (ITS#5355) back-meta calls back-ldap directly
Next by Date: Re: (ITS#5280) JLDAP waits for response for request which hasn't been sent because of connection shutdown
Index(es):
- Chronological
- Thread