--On Thursday, January 31, 2008 8:50 AM +1100 Dave Horsfall daveh@coreng.com.au wrote:
> On Wed, 30 Jan 2008, Bill Sterns wrote:
>
>> I'm currently running OpenLDAP 2.4.6 using SSL/TLS via OpenSSL 0.9.8b and Berkeley DB 4.6.21, which I built and installed from source as root. I'd like to be able to run slapd as a non-root user, as I've seen other packaged OpenLDAP distributions do in the past. However, when I try to run it as a non-root user, OpenLDAP does not have permission to access various things, such as slapd.conf, the back-end database files, and the directory to create its pid file when it starts up. I've tinkered with the file/group ownership and permissions for these files, and I've managed to get it running as a non-root user, but I'm not sure if this is the ideal way to do it. Is there a recommended way to do this?
>
> Start it as root, and use the "-u" and "-g" flags; this is the recommended (if not the only) way to do it.
His example clearly shows he's already using -u, so I'm guessing this was already figured out.
But yes, the "user/group" slapd will run as must have the correct permissions to read what it needs to read, so setting those bits readable would be the correct thing to do.
--Quanah
--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra :: the leader in open source messaging and collaboration
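An added example, not part of the original thread or of OpenLDAP: a small audit of whether the account given to "-u"/"-g" can use the three things the question lists (slapd.conf, the database directory, the pid file directory). The function names and the command-line layout are assumptions, all paths are site-specific, and only plain mode bits are evaluated (no ACLs, and files inside the database directory are not checked).

```python
import os

R, W, X = 4, 2, 1  # rwx bits within one permission class

def granted(st, uid, gids):
    """rwx bits (0-7) the mode grants to uid/gids; ACLs and capabilities are ignored."""
    if st.st_uid == uid:
        shift = 6          # owner class
    elif st.st_gid in gids:
        shift = 3          # group class
    else:
        shift = 0          # other class
    return (st.st_mode >> shift) & 7

def missing(path, need, uid, gids):
    """Return the needed bits the account lacks on path itself, e.g. 'rw' ('' if none)."""
    lack = need & ~granted(os.stat(path), uid, gids)
    return "".join(c for c, bit in (("r", R), ("w", W), ("x", X)) if lack & bit)

def blocked_ancestors(path, uid, gids):
    """Return parent directories the account cannot traverse (no x bit)."""
    blocked, cur = [], os.path.dirname(os.path.abspath(path))
    while True:
        if not granted(os.stat(cur), uid, gids) & X:
            blocked.append(cur)
        parent = os.path.dirname(cur)
        if parent == cur:
            return blocked
        cur = parent

def audit(uid, gids, conf, db_dir, pid_dir):
    """Check the three items from the thread; returns {path: problem}."""
    needs = {conf: R, db_dir: R | W | X, pid_dir: W | X}
    report = {}
    for path, need in needs.items():
        lack = missing(path, need, uid, gids)
        if lack:
            report[path] = "missing " + lack
        for d in blocked_ancestors(path, uid, gids):
            report[d] = "missing x (cannot traverse)"
    return report

if __name__ == "__main__":
    import pwd, sys
    # Assumed usage: script.py USER CONF DB_DIR PID_DIR
    user = pwd.getpwnam(sys.argv[1])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for path, problem in audit(user.pw_uid, gids, *sys.argv[2:5]).items():
        print(f"{path}: {problem}")
```

An empty report means the mode bits allow the account to read the configuration and to create files in the database and pid directories; anything listed is a path to fix with chown/chmod rather than by widening permissions for everyone.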