--On Tuesday, October 24, 2006 7:16 PM +0000 ahasenack@terra.com.br wrote:
On Tue, Oct 24, 2006 at 07:00:40PM +0000, quanah@stanford.edu wrote:
--On Tuesday, October 24, 2006 6:52 PM +0000 Kurt@OpenLDAP.org wrote:
At 11:48 AM 10/24/2006, ando@sys-net.it wrote:
quanah@stanford.edu wrote:
It would be nice if you could pass -u and -g options to run as another user/group so that on systems where OpenLDAP is running as another user or group, the files created by slapadd & slapindex have the correct ownerships (rather than root, for example).
OK for slapadd; for slapindex and other tools, what about using user/group info from the file(s) itself?
Why not just use su(1)? the only reason slapd(8) has -u/-g options is because it changes root after some initialization.
Because some people are brain dead, and because other people set up application accounts that don't actually have a shell. It also makes things more consistent behavior wise. I personally don't have this issue because I run openldap as root anyway, but I've seen list traffic about this on more than one occasion, and am seeing people hit it on the debian openldap list as well.
The slapd initscript should/could chown the files whenever slapd is (re)started.
And how would the init script know the locations of X number of databases, particularly if back-config is used?
--Quanah
-- Quanah Gibson-Mount Principal Software Developer ITS/Shared Application Services Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html