From 83da7a0ac93decce70c1a02b0739020d8e2b69fd Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 19:54:14 +0200 Subject: Adding debian version 2.6.7+dfsg-1~exp1. Signed-off-by: Daniel Baumann --- debian/patches/index-files-created-as-root | 41 ++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 debian/patches/index-files-created-as-root (limited to 'debian/patches/index-files-created-as-root') diff --git a/debian/patches/index-files-created-as-root b/debian/patches/index-files-created-as-root new file mode 100644 index 0000000..432113c --- /dev/null +++ b/debian/patches/index-files-created-as-root @@ -0,0 +1,41 @@ +Document in the man page that slapindex should be run as the same user +as slapd, and print a warning if it's run as root (since Debian defaults +to running slapd as openldap). + +Not suitable for upstream in this form. This patch needs to be reworked +to check the BerkeleyDB database ownership and only warn if running as +root with a database that's not owned by root. + +Upstream ITS #5356 filed requesting better handling of this. Current +upstream discussion leans towards putting the check into the database +backend and aborting if slapd is run as a different user than the database +owner, which is an even better fix. + +Index: openldap/doc/man/man8/slapindex.8 +=================================================================== +--- openldap.orig/doc/man/man8/slapindex.8 2022-05-20 17:36:11.609245615 -0400 ++++ openldap/doc/man/man8/slapindex.8 2022-05-20 17:36:11.605245612 -0400 +@@ -148,6 +148,10 @@ + should not be running (at least, not in read-write + mode) when you do this to ensure consistency of the database. + .LP ++slapindex ought to be run as the user specified for ++.BR slapd (8) ++to ensure correct database permissions. ++.LP + This command provides ample opportunity for the user to obtain + and drink their favorite beverage. + .SH EXAMPLES +Index: openldap/servers/slapd/slapindex.c +=================================================================== +--- openldap.orig/servers/slapd/slapindex.c 2022-05-20 17:36:11.609245615 -0400 ++++ openldap/servers/slapd/slapindex.c 2022-05-20 17:36:11.605245612 -0400 +@@ -34,6 +34,8 @@ + int + slapindex( int argc, char **argv ) + { ++ if (geteuid() == 0) ++ fprintf( stderr, "\nWARNING!\nRunning as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n"); + ID id; + int rc = EXIT_SUCCESS; + const char *progname = "slapindex"; -- cgit v1.2.3