author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 17:54:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-15 17:54:14 +0000 |
commit | 83da7a0ac93decce70c1a02b0739020d8e2b69fd (patch) | |
tree | 0c298e82da8861a97aa152863f30eb4af5b80b37 /debian/patches/index-files-created-as-root | |
parent | Adding upstream version 2.6.7+dfsg. (diff) | |
download | openldap-debian/2.6.7+dfsg-1_exp1.tar.xz openldap-debian/2.6.7+dfsg-1_exp1.zip |
Adding debian version 2.6.7+dfsg-1~exp1.
debian/2.6.7+dfsg-1_exp1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/index-files-created-as-root')
-rw-r--r-- | debian/patches/index-files-created-as-root | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root new file mode 100644 index 0000000..432113c --- /dev/null +++ b/debian/patches/index-files-created-as-root 
@@ -0,0 +1,41 @@ +Document in the man page that slapindex should be run as the same user +as slapd, and print a warning if it's run as root (since Debian defaults +to running slapd as openldap). + +Not suitable for upstream in this form. This patch needs to be reworked +to check the BerkeleyDB database ownership and only warn if running as +root with a database that's not owned by root. + +Upstream ITS #5356 filed requesting better handling of this. Current +upstream discussion leans towards putting the check into the database +backend and aborting if slapd is run as a different user than the database +owner, which is an even better fix. + +Index: openldap/doc/man/man8/slapindex.8 +=================================================================== +--- openldap.orig/doc/man/man8/slapindex.8 2022-05-20 17:36:11.609245615 -0400 ++++ openldap/doc/man/man8/slapindex.8 2022-05-20 17:36:11.605245612 -0400 +@@ -148,6 +148,10 @@ + should not be running (at least, not in read-write + mode) when you do this to ensure consistency of the database. + .LP ++slapindex ought to be run as the user specified for ++.BR slapd (8) ++to ensure correct database permissions. ++.LP + This command provides ample opportunity for the user to obtain + and drink their favorite beverage. + .SH EXAMPLES +Index: openldap/servers/slapd/slapindex.c +=================================================================== +--- openldap.orig/servers/slapd/slapindex.c 2022-05-20 17:36:11.609245615 -0400 ++++ openldap/servers/slapd/slapindex.c 2022-05-20 17:36:11.605245612 -0400 +@@ -34,6 +34,8 @@ + int + slapindex( int argc, char **argv ) + { ++ if (geteuid() == 0) ++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n"); + ID id; + int rc = EXIT_SUCCESS; + const char *progname = "slapindex"; |
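Review bot: The paragraph added to slapindex.8 says slapindex "ought to be run as the user specified for slapd(8)" but does not say what goes wrong otherwise, nor that the tool now prints a warning when started as root. Suggest stating the consequence that the runtime message itself gives (slapd may fail to start because of file permissions) and telling the reader to check file ownership after a root run, so the man page and the warning agree.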
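Review bot: In the slapindex.c hunk, the `geteuid() == 0` test warns on every root run, including when the database is itself owned by root, and it only writes to stderr before continuing, so the index files are still created as root. The patch description already notes that the check should compare against the database ownership; suggest making that comparison and warning only on a mismatch. The `if` statement is also inserted ahead of `ID id;` and `int rc = EXIT_SUCCESS;`, which puts a statement before the declarations in the function; move it below the declaration block.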