diff options
Diffstat (limited to 'debian/patches/index-files-created-as-root')
-rw-r--r-- | debian/patches/index-files-created-as-root | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root new file mode 100644 index 0000000..263b014 --- /dev/null +++ b/debian/patches/index-files-created-as-root @@ -0,0 +1,37 @@ +Document in the man page that slapindex should be run as the same user +as slapd, and print a warning if it's run as root (since Debian defaults +to running slapd as openldap). + +Not suitable for upstream in this form. This patch needs to be reworked +to check the BerkeleyDB database ownership and only warn if running as +root with a database that's not owned by root. + +Upstream ITS #5356 filed requesting better handling of this. Current +upstream discussion leans towards putting the check into the database +backend and aborting if slapd is run as a different user than the database +owner, which is an even better fix. + +--- a/doc/man/man8/slapindex.8 ++++ b/doc/man/man8/slapindex.8 +@@ -148,6 +148,10 @@ + should not be running (at least, not in read-write + mode) when you do this to ensure consistency of the database. + .LP ++slapindex ought to be run as the user specified for ++.BR slapd (8) ++to ensure correct database permissions. ++.LP + This command provides ample opportunity for the user to obtain + and drink their favorite beverage. + .SH EXAMPLES +--- a/servers/slapd/slapindex.c ++++ b/servers/slapd/slapindex.c +@@ -34,6 +34,8 @@ + int + slapindex( int argc, char **argv ) + { ++ if (geteuid() == 0) ++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n"); + ID id; + int rc = EXIT_SUCCESS; + const char *progname = "slapindex"; |