
Re: unable to change local socket permissions...



That code is deprecated and should be removed; essentially, because most of the UN*X flavors simply ignore socket permissions, and the few that do require "write" to operate the socket (i.e., execute, write, read). The appropriate approach to using sockets is placing them in a specific directory and using the directory permissions to limit access to the socket. This should be taken care of by system administrators, and not by OpenLDAP code.

p.

mitrohin a.s. wrote:

Hello.

ldapi:///????!x-mod=0777 unsupported now?

openldap-2.2.27 "servers/slapd/daemon.c" line 891

       switch ( (*sal)->sa_family ) {
#ifdef LDAP_PF_LOCAL
       case AF_LOCAL: {
               char *addr = ((struct sockaddr_un *)*sal)->sun_path;
#if 0 /* don't muck with socket perms */
               if ( chmod( addr, l.sl_perms ) < 0 && crit ) {
                       int err = sock_errno();
#ifdef NEW_LOGGING
                       LDAP_LOG( CONNECTION, INFO,
                               "slap_open_listener: fchmod(%ld) failed errno=%d (%s)\n",
                               (long)l.sl_sd, err, sock_errstr(err) );
#else
                       Debug( LDAP_DEBUG_ANY, "daemon: fchmod(%ld) failed errno=%d (%s)",
                              (long) l.sl_sd, err, sock_errstr(err) );
#endif
                       tcp_close( l.sl_sd );
                       slap_free_listener_addresses(psal);
                       return -1;
               }
#endif
               l.sl_name.bv_len = strlen(addr) + sizeof("PATH=") - 1;
               l.sl_name.bv_val = ber_memalloc( l.sl_name.bv_len + 1 );
               snprintf( l.sl_name.bv_val, l.sl_name.bv_len + 1,
                               "PATH=%s", addr );
       } break;
#endif /* LDAP_PF_LOCAL */

why?

/swp





SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497