On Tue, Sep 12, 2023 at 04:44:15PM +0200, cYuSeDfZfb cYuSeDfZfb wrote:
Hi,
We're seeing this quite consistently.
Before updating: [root@ldaps01 log]# ls -l /var/symas/ drwx------. 3 ldap ldap 50 Aug 28 16:28 openldap-data
After updating: [root@ldaps01 log]# ls -l /var/symas/ drwx------. 3 root root 50 Aug 28 16:28 openldap-data
And afterwards symas-openldap-server (running as ldap:ldap) no longer starts, since permission denied on /var/symas/openldap-data.
Reverting the permissions back to ldap:ldap solves it. But...WHY is this happening.
Are we somehow encouraged to run openldap as root..?
Why would a post-install script reset permissions on /var/symas/openldap-data?
Hi, openldap-data is owned by the package and as such you'll have to tell rpm somehow (a trigger, ...) that you don't want it to mess with it. AFAIK there's work ongoing to make the directory 711 which should sort things for you.
That's unless you're putting the databases directly into /var/symas/openldap-data, we advise you create a subdirectory per DB, e.g. /var/symas/openldap-data/dc=example,dc=com or /var/symas/openldap-data/cn=accesslog.
Regards,