Full_Name: Russ Allbery Version: 2.4.7 OS: Debian GNU/Linux URL: Submission from: (NULL) (171.66.157.16)

One of the most common problems we see in Debian with people new to OpenLDAP is that they run slapindex as root when they're running their directory server as a non-root user and hence break the file ownership and the database.

Would it be possible to add a check in slapindex where, if slapindex is running as root and the database files are owned by a different user, it would either refuse to run (possibly overideable by a flag) or at least print a warning saying that ownership may have to be fixed later?

One possible problem, I know, is that the names of the database files are a matter for the database backend and slapindex really shouldn't know what they are. But maybe the check could somehow be added to back-bdb and back-hdb and exposed for slapindex to use?