On 09/06/2017 09:29 AM, Howard Chu wrote:
> Learn something about Unix, please.
> Use the ps command to verify that the process at least has the correct name. The init script should know it's looking for a process named slapd, not init.
Supposing we want to copy/paste two or more "ps" calls into every slapd init script, this still lets a hacker prevent his own hacked process from being killed by writing junk into the file.
If the standard practice was to write the PID file as an unprivileged user, we would need to not only copy/paste those "ps" calls into every slapd init script, but literally every init script for every daemon. Apparently my predecessors didn't want to do that, so the standard practice is to write the PID file as root. Do with that information what you will.
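The two checks discussed in this exchange, combined in one shell function, as an added example that is not code from either poster or from any slapd init script: it accepts a PID file only if it has the expected owner (root by default), is not group- or world-writable, holds a single numeric PID, and that PID's command name matches. The function name `pidfile_target`, its return codes and the use of `stat -c` (GNU coreutils or BusyBox) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: validate a PID file before an init script signals the PID in it.
# Usage: pidfile_target PIDFILE EXPECTED_NAME [OWNER_UID]
# Prints the PID and returns 0 only when every check passes.
# Return codes (chosen for this example): 1 bad file, 2 bad owner or mode,
# 3 bad contents, 4 process missing or wrong name.
pidfile_target() {
    pidfile=$1
    name=$2
    owner=${3:-0}            # root unless the caller says otherwise

    # Must be a regular file, not a symlink someone pointed elsewhere.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1

    # Owner must match and neither group nor other may have write access,
    # otherwise an unprivileged user could have put any number in the file.
    meta=$(stat -c '%u %a' "$pidfile") || return 1
    uid=${meta% *}
    mode=${meta#* }
    [ "$uid" = "$owner" ] || return 2
    case $mode in
        *[2367]?|*[2367]) return 2 ;;   # group or other write bit set
    esac

    # Contents must be digits only; junk or multiple lines are rejected.
    pid=$(cat "$pidfile") || return 1
    case $pid in
        ''|*[!0-9]*) return 3 ;;
    esac

    # The ps check: the PID must belong to a live process with the
    # expected command name (e.g. slapd, not init).
    comm=$(ps -o comm= -p "$pid" 2>/dev/null) || return 4
    [ "$comm" = "$name" ] || return 4

    printf '%s\n' "$pid"
}
```

An init script would call it as `pid=$(pidfile_target /path/to/slapd.pid slapd) && kill "$pid"`, where the path is a placeholder; a non-zero return means the file cannot be trusted and nothing is signalled.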