FS#30611 - [openldap] Install /run/openldap with 0755
Attached to Project:
Arch Linux
Opened by Jochen Keil (jrk) - Monday, 09 July 2012, 10:07 GMT
Last edited by Eric Belanger (Snowman) - Monday, 10 June 2013, 19:30 GMT
Details
Description:
In /usr/lib/tmpfiles.d/slapd.conf the permission for /run/openldap is set to 0750. I see no reason in that, it should be set to 0755 since the only files residing there are pid, args and the socket. If the permission is set to 0750 local daemons cannot access the socket.
Additional info:
* package version(s) openldap 2.4.31-4
Steps to reproduce:
cat /usr/lib/tmpfiles.d/slapd.conf
Closed by Eric Belanger (Snowman)
Monday, 10 June 2013, 19:30 GMT
Reason for closing: Fixed
Additional comments about closing: in svn trunk
olcAccess: {3}to dn.subtree="ou=groups,dc=example,dc=com" by sockurl="ldapi:///" read by * none break
I use this for example for nslcd.conf and in postfix. I think that's a nice way to do it, especially with something like
olcAccess: {4}to * by self write by dn="cn=admin,dc=ch" write by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage by anonymous auth by users read by * none
which allows me as root to use the socket with "-Y EXTERNAL" for modifications.
...regardless, if the slapd setting exists, then I think the slapd setting should be used for this, and since the default is 0777 (to let all programs use it), IMO Arch's tmpfiles.d should have 0777 as well.
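The permission question in this report, as an added example that is not part of the original ticket or the Arch package: a shell check of whether a local user outside the owning user and group can reach a socket such as the one under /run/openldap, judged by mode bits alone. The function names and the temporary directory tree are constructed for illustration, and GNU stat is assumed.

```shell
# Mode-bit check only: ACLs, LSM policy and slapd's own olcAccess rules are not considered.

# has_other_bit MODE BIT: true if octal MODE grants "other" the BIT (1 = x, 2 = w).
has_other_bit() {
    [ $(( 0$1 & $2 )) -ne 0 ]
}

# others_can_reach SOCKET [BASE]: can a user outside the owner and group connect?
# connect() on Linux needs write permission on the socket and search (x) permission
# on every directory leading to it. Directories at or above BASE (default /) are
# not checked. Prints the first blocking component; returns 0 = reachable, 1 = blocked.
others_can_reach() {
    local dir mode
    mode=$(stat -c %a -- "$1") || return 2
    if ! has_other_bit "$mode" 2; then
        echo "blocked: $1 mode $mode lacks o+w"; return 1
    fi
    dir=$(dirname -- "$1")
    while [ "$dir" != "${2:-/}" ] && [ "$dir" != "/" ]; do
        mode=$(stat -c %a -- "$dir") || return 2
        if ! has_other_bit "$mode" 1; then
            echo "blocked: $dir mode $mode lacks o+x"; return 1
        fi
        dir=$(dirname -- "$dir")
    done
    echo "reachable: $1"
}

# demo: constructed tree; a regular file stands in for the ldapi socket.
demo() {
    local t m
    t=$(mktemp -d) || return 2
    mkdir -p "$t/run/openldap" && : > "$t/run/openldap/ldapi"
    chmod 755 "$t/run"; chmod 777 "$t/run/openldap/ldapi"
    for m in 0750 0755; do
        chmod "$m" "$t/run/openldap"
        echo "directory mode $m:"
        others_can_reach "$t/run/openldap/ldapi" "$t" || true
    done
    rm -rf "$t"
}

if [ $# -gt 0 ]; then others_can_reach "$@"; else demo; fi
```

With the directory at 0750 the socket's own mode is irrelevant to other users, so any restriction then has to come from the directory's group membership rather than from rules such as the sockurl and peercred clauses quoted above.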