Re: chroot'd operation, userid

[Howard Chu <hyc@symas.com>]

Kurt D. Zeilenga wrote:

> > We've talked about this in the past - why don't we restructure things so that the user and group are read from the config, along with the listeners? I.e., defer dropping root privs until after the config has been read.
>
> Personally, I prefer our current approach.  Everything on the
> command line is done from the user/group/root of the parent,
> everything in the config file is done from the command line
> specified user/group/root.
>
> Placing user/group/root in the config file makes it confused
> as to what is processed under which user/group/root.  For
> instance, in a custom backend with custom directives, would
> these be processed before or after the change?

I was only talking about user and group and listeners, I would leave 
root on the command line. As for when they take effect, we'd require 
that they get issued before any backend or database directives. With 
back-config they would be in the global section and naturally execute 
before anything else.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/