[Pkg-openldap-devel] r735 - in openldap/trunk-2.3/debian: . patches

Matthijs Mohlmann matthijs at alioth.debian.org
Thu Nov 9 22:49:59 CET 2006 

Author: matthijs
Date: 2006-11-09 22:49:59 +0100 (Thu, 09 Nov 2006)
New Revision: 735

Added:
   openldap/trunk-2.3/debian/patches/index-files-created-as-root
Modified:
   openldap/trunk-2.3/debian/changelog
   openldap/trunk-2.3/debian/patches/series
Log:
 * Added warning when running slapindex as root.


Modified: openldap/trunk-2.3/debian/changelog
===================================================================
--- openldap/trunk-2.3/debian/changelog	2006-11-09 21:21:01 UTC (rev 734)
+++ openldap/trunk-2.3/debian/changelog	2006-11-09 21:49:59 UTC (rev 735)
@@ -7,6 +7,8 @@
     LDAP BIND requests. (Fixes CVE-2006-5779) (Closes: #397673)
   * Updated README.Debian about running as non-root user (Closes: #389369)
   * Updated de translation (Closes: #396096)
+  * Added some documentation / warnings when running as non privileged user
+    and creating indexes.
 
  -- Matthijs Mohlmann <matthijs at cacholong.nl>  Thu,  9 Nov 2006 21:57:37 +0100
 

Added: openldap/trunk-2.3/debian/patches/index-files-created-as-root
===================================================================
--- openldap/trunk-2.3/debian/patches/index-files-created-as-root	2006-11-09 21:21:01 UTC (rev 734)
+++ openldap/trunk-2.3/debian/patches/index-files-created-as-root	2006-11-09 21:49:59 UTC (rev 735)
@@ -0,0 +1,28 @@
+Index: doc/man/man8/slapindex.8
+===================================================================
+--- doc/man/man8/slapindex.8.orig
++++ doc/man/man8/slapindex.8
+@@ -90,6 +90,10 @@
+ should not be running (at least, not in read-write
+ mode) when you do this to ensure consistency of the database.
+ .LP
++slapindex ought to be run as the user specified for
++.BR slapd (8)
++to ensure correct database permissions.
++.LP
+ This command provides ample opportunity for the user to obtain
+ and drink their favorite beverage.
+ .SH EXAMPLES
+Index: servers/slapd/slapindex.c
+===================================================================
+--- servers/slapd/slapindex.c.orig
++++ servers/slapd/slapindex.c
+@@ -34,6 +34,8 @@
+ int
+ slapindex( int argc, char **argv )
+ {
++    if (geteuid() == 0)
++        fprintf( stderr, "\nWARNING!\nRunnig as root!\nThere's a fair chance slapd will fail to start.\nCheck file permissions!\n\n");
+ 	ID id;
+ 	int rc = EXIT_SUCCESS;
+ 	const char *progname = "slapindex";

Modified: openldap/trunk-2.3/debian/patches/series
===================================================================
--- openldap/trunk-2.3/debian/patches/series	2006-11-09 21:21:01 UTC (rev 734)
+++ openldap/trunk-2.3/debian/patches/series	2006-11-09 21:49:59 UTC (rev 735)
@@ -12,3 +12,4 @@
 disable-epoll-system-call -p0
 wrong-database-location -p0
 CVE-2006-5779 -p0
+index-files-created-as-root -p0

More information about the Pkg-openldap-devel mailing list