summaryrefslogtreecommitdiffstats
path: root/debian/patches/index-files-created-as-root
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-27 11:11:40 +0000
commit2886df93860f983d875b7d6acb418faa31491d5a (patch)
treeb596ddcbb70247c1994f3b1d8ba9e793b9788a9d /debian/patches/index-files-created-as-root
parentAdding upstream version 2.4.57+dfsg. (diff)
downloadopenldap-2886df93860f983d875b7d6acb418faa31491d5a.tar.xz
openldap-2886df93860f983d875b7d6acb418faa31491d5a.zip
Adding debian version 2.4.57+dfsg-3+deb11u1.debian/2.4.57+dfsg-3+deb11u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/index-files-created-as-root')
-rw-r--r--debian/patches/index-files-created-as-root37
1 files changed, 37 insertions, 0 deletions
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root
new file mode 100644
index 0000000..263b014
--- /dev/null
+++ b/debian/patches/index-files-created-as-root
@@ -0,0 +1,37 @@
+Document in the man page that slapindex should be run as the same user
+as slapd, and print a warning if it's run as root (since Debian defaults
+to running slapd as openldap).
+
+Not suitable for upstream in this form. This patch needs to be reworked
+to check the BerkeleyDB database ownership and only warn if running as
+root with a database that's not owned by root.
+
+Upstream ITS #5356 filed requesting better handling of this. Current
+upstream discussion leans towards putting the check into the database
+backend and aborting if slapd is run as a different user than the database
+owner, which is an even better fix.
+
+--- a/doc/man/man8/slapindex.8
++++ b/doc/man/man8/slapindex.8
+@@ -148,6 +148,10 @@
+ should not be running (at least, not in read-write
+ mode) when you do this to ensure consistency of the database.
+ .LP
++slapindex ought to be run as the user specified for
++.BR slapd (8)
++to ensure correct database permissions.
++.LP
+ This command provides ample opportunity for the user to obtain
+ and drink their favorite beverage.
+ .SH EXAMPLES
+--- a/servers/slapd/slapindex.c
++++ b/servers/slapd/slapindex.c
+@@ -34,6 +34,8 @@
+ int
+ slapindex( int argc, char **argv )
+ {
++ if (geteuid() == 0)
++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
+ ID id;
+ int rc = EXIT_SUCCESS;
+ const char *progname = "slapindex";