Re: execve problem with back-shell

[Andrew Findlay <andrew.findlay@skills-1st.co.uk>]

On Sun, Mar 06, 2011 at 06:52:21PM -0500, Michael Smith wrote:

> Commands to execute slapd: 
> ~$ sudo su
> # /usr/sbin/slapd  -d 0x4400 -f /etc/ldap/slapd2.conf -h "ldap://127.0.0.1:3889"; -u openldap -g openldap 

> [pid 19068] execve("/usr/local/bin/backshell.sh", ["/usr/local/bin/backshell.sh"], ["SHELL=/bin/bash", "TERM=xterm", "USER=root", "LS_COLORS=no=00:fi=00:di=01;34:l"..., "SUDO_USER=mike", "SUDO_UID=1001", "USERNAME=root", "PATH=/usr/local/sbin:/usr/local/"..., "MAIL=/var/mail/root", "PWD=/home/mike", "LANG=en_US.UTF-8", "SHLVL=1", "SUDO_COMMAND=/bin/su", "HOME=/root", "LOGNAME=root", "LESSOPEN=| /usr/bin/lesspipe %s", "SUDO_GID=1001", "LESSCLOSE=/usr/bin/lesspipe %s %"..., "_=/usr/sbin/slapd"]) = -1 EACCES (Permission denied)

Slapd is running as the 'openldap' user. Does that user have a valid
shell? (i.e. can you do 'su openldap' and get a usable prompt?) Without
that, you probably cannot run shell scripts in most modern systems.

Try setting openldap's shell to /bin/bash in /etc/passwd

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------