[Pkg-openldap-devel] Upgrading and changing permissions.

Matthijs Mohlmann matthijs at cacholong.nl
Wed Jun 7 20:18:25 UTC 2006


Steve Langasek wrote:
> On Sun, Jun 04, 2006 at 03:47:54PM +0200, Matthijs Mohlmann wrote:
>> - Upgrade path (From sarge to etch / sid)
>> When someone wants to upgrade from Sarge to sid and update the
>> /etc/default/slapd so that the user is changed to openldap. Shall we in
>> the slapd postinst script update the permissions of every file /
>> directory in /etc/ldap except for ldap.conf because that one belongs to
>> libldap2 ?
> 
> Why would you change the permissions of *any* of these files?  The slapd
> user shouldn't have write access to them.
> 
The user / admin can have passwords in the slapd.conf configuration. See
the rootdn and rootpw parameters. That's why I think it's needed to
change the permissions. Eventually we can change it to root:openldap and
0640 so that the openldap user only has read permissions.

The included files from slapd.conf can probably also have passwords.
(with multiple directories specified in multiple files)

>> And update the permissions for /var/lib/ldap, /var/run/slapd
>> and /var/spool/slurpd ?
> 
> Yes, I suppose so.
> 
> Cheers,

Regards,

Matthijs Mohlmann
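
The check implied by the message above, as an added example that is not part of the original mail or of the slapd package: a shell audit that follows `include` directives from slapd.conf and reports every file holding a `rootpw` line that is not owned by the given owner:group with mode 0640 or stricter. The function names are hypothetical; it assumes GNU stat and include paths without spaces or quotes.

```shell
#!/bin/sh
# Added example, not the slapd postinst. Assumes GNU stat (as on Debian)
# and include paths without spaces or quotes.
# Usage: exposed_secrets /etc/ldap/slapd.conf root openldap

# Print CONF and, recursively, every file it pulls in via "include".
# Directives start in column 0; the depth limit stops include loops.
conf_files() {   # conf_files CONF [DEPTH]
    [ -f "$1" ] || return 0
    [ "${2:-0}" -lt 8 ] || return 0
    printf '%s\n' "$1"
    awk 'tolower($0) ~ /^include[ \t]/ { print $2 }' "$1" |
    while read -r inc; do
        conf_files "$inc" $(( ${2:-0} + 1 ))
    done
}

# Succeed only if FILE is owned by OWNER:GROUP, is not group-writable
# and grants nothing to others (0640 or stricter).
perm_ok() {   # perm_ok FILE OWNER GROUP
    st=$(stat -c '%a %U %G' "$1") || return 1
    mode=${st%% *}
    [ "${st#* }" = "$2 $3" ] && [ $(( 0$mode & 027 )) -eq 0 ]
}

# List every reachable config file that carries a rootpw directive but
# fails perm_ok. Returns 1 if any such file exists, 0 otherwise.
exposed_secrets() {   # exposed_secrets CONF OWNER GROUP
    bad=$(conf_files "$1" | while read -r f; do
        grep -Eiq '^rootpw[[:space:]]' "$f" || continue
        perm_ok "$f" "$2" "$3" || printf '%s\n' "$f"
    done)
    [ -z "$bad" ] && return 0
    printf 'rootpw exposed beyond %s:%s 0640 in:\n%s\n' "$2" "$3" "$bad" >&2
    return 1
}
```

Only `rootpw` is matched here because it is the directive named in the thread; other credential-bearing directives would need to be added to the grep pattern.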
