On Tuesday 24 October 2006 21:00, quanah@stanford.edu wrote:
--On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:
At 11:48 AM 10/24/2006, ando@sys-net.it wrote:
quanah@stanford.edu wrote:
It would be nice if you could pass -u and -g options to run as another user/group so that on systems where OpenLDAP is running as another user or group, the files created by slapadd & slapindex have the correct ownerships (rather than root, for example).
OK for slapadd; for slapindex and other tools, what about using user/group info from the file(s) itself?
Why not just use su(1)? The only reason slapd(8) has -u/-g options is because it changes root after some initialization.
Because some people are brain dead, and because other people set up application accounts that don't actually have a shell.
And some brain-dead OSes have an su without a -s flag?
It also makes things more consistent behavior-wise. I personally don't have this issue because I run openldap as root anyway, but I've seen list traffic about this on more than one occasion, and am seeing people hit it on the debian openldap list as well.
Debian doesn't have a brain-dead su, so 'su -s /bin/bash -c "slapadd ...."' etc. is feasible.
One of my colleagues has a sticker on his monitor which says: Social Engineering Specialist: because there is no patch for stupidity.
I haven't seen the need for this myself (but then I don't use back-config, and my initscript parses slapd.conf to find all database directories, and checks ownership on all of them).
Regards, Buchan
--
Buchan Milne
ISP Systems Specialist - Monitoring/Authentication Team Leader
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
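
An ownership check of the kind the message above describes, as an added example that is not part of the thread and is neither Buchan's initscript nor OpenLDAP code. The function names, the `ldap` account and the config path in the closing comment are assumptions.

```shell
#!/bin/sh
# Added example: list slapd.conf database directories and flag entries whose
# owner or group differs from the account slapd runs as.

# Print the argument of every "directory" directive in the slapd.conf at $1.
# Lines that start with whitespace are continuations in slapd.conf and are
# skipped here; the keyword is matched case-insensitively.
slapd_db_dirs() {
    awk '
        /^[^ \t#]/ && tolower($1) == "directory" {
            sub(/^[^ \t]+[ \t]+/, "")   # drop the keyword
            sub(/[ \t]+$/, "")          # drop trailing blanks
            gsub(/^"|"$/, "")           # drop surrounding double quotes
            print
        }' "$1"
}

# check_db_ownership CONF USER GROUP
# USER and GROUP may be names or numeric ids (find accepts both).
# Prints each mismatching path and returns 1 if any was found.
check_db_ownership() {
    conf=$1; user=$2; group=$3
    mismatches=$(
        slapd_db_dirs "$conf" | while IFS= read -r dir; do
            if [ ! -d "$dir" ]; then
                echo "missing: $dir"
                continue
            fi
            find "$dir" \( ! -user "$user" -o ! -group "$group" \) -print
        done
    )
    if [ -n "$mismatches" ]; then
        printf '%s\n' "$mismatches"
        return 1
    fi
    return 0
}

# Example call (account name "ldap" and the path are assumptions):
#   check_db_ownership /etc/openldap/slapd.conf ldap ldap || exit 1
```

Run before slapd starts, this catches files left root-owned by a slapadd or slapindex run as root.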