Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#35570 - [openldap] run directory should be 0755
Attached to Project:
Arch Linux
Opened by Mantas Mikulėnas (grawity) - Friday, 31 May 2013, 14:54 GMT
Last edited by Eric Belanger (Snowman) - Friday, 31 May 2013, 16:51 GMT
Opened by Mantas Mikulėnas (grawity) - Friday, 31 May 2013, 14:54 GMT
Last edited by Eric Belanger (Snowman) - Friday, 31 May 2013, 16:51 GMT
|
DetailsThe tmpfiles.d config in openldap 2.4.35-4 creates /run/openldap with 0750 permissions, restricting it to the 'ldap' group. It should be changed to 0755, since slapd does not store any private data there.
On the other hand, it creates the Unix socket for LDAP (ldapi://) in /run/openldap, which all programs are supposed to have access to. (The Unix socket requires authenticating the same way as TCP sockets do, so security is not a problem.) From other distros, even Debian – which insists on a separate "fuse" group – creates /run/slapd as 0755. |
This task depends upon
Closed by Eric Belanger (Snowman)
Friday, 31 May 2013, 16:51 GMT
Reason for closing: Duplicate
Additional comments about closing: FS#30611
Friday, 31 May 2013, 16:51 GMT
Reason for closing: Duplicate
Additional comments about closing: