Hello. I run a backup script on hdb backended slapd. The backup script which uses slapcat, for security reasons, does not run as user 'openldap' but as 'backup', which is a user of the openldap group. At first the script couldn't work because all dbd files are owned by openldap:openldap with permission 600. I changed to 660 then it works.
However the new files created by slapd in bdb directory is still 600. Since the default umask on the system is 022 (file permission should be 644), it's clear slapd did not follow the default umask, then I think changing umask before launching slapd wouldn't work neither. I RTFM (slapd) and didn't find a way to control umask for BDB files.
Is my approach of doing the backup wrong, or are there other ways to control default umask for bdb files for slapd?
Thanks. I searched the f*** web before posting.
--On Thursday, February 19, 2009 2:07 PM +0800 zhangweiwu@realss.com wrote:
Is my approach of doing the backup wrong, or are there other ways to control default umask for bdb files for slapd?
Read the manual page for slapd-bdb(5), specifically the "mode" keyword.
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration
openldap-software@openldap.org
-
Quanah Gibson-Mount -
zhangweiwu@realss.com