Re: Running slapd as a non-root user

[Quanah Gibson-Mount <quanah@zimbra.com>]

--On Thursday, January 31, 2008 8:50 AM +1100 Dave Horsfall 
<daveh@coreng.com.au> wrote:

> On Wed, 30 Jan 2008, Bill Sterns wrote:
>
> > I'm currently running OpenLDAP 2.4.6 using SSL/TLS via OpenSSL 0.9.8b
> > and Berkeley DB 4.6.21, which I built and installed from source as root.
> > I'd like to be able to run slapd as a non-root user, as I've seen other
> > packaged OpenLDAP distributions do in the past. However, when I try to
> > run it as a non-root user, OpenLDAP does not have permission to access
> > various things, such as slapd.conf, the back-end database files, and the
> > directory to create its pid file when it starts up. I've tinkered with
> > the file/group ownership and permissions for these files, and I've
> > managed to get it running as a non-root user, but I'm not sure if this
> > is the ideal way to do it. Is there a recommended way to do this?
>
> Start it as root, and use the "-u" and "-g" flags; this is the
> recommended  (if not the only) way to do it.

His example clearly shows he's already using -u, so I'm guessing this was 
already figured out.

But yes, the "user/group" slapd will run as must have the correct 
permissions to read what it needs to read, so setting those bits readable 
would be the correct thing to do.

--Quanah


--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration