[Pkg-openldap-devel] r938 - openldap/trunk/debian
Russ Allbery
rra at alioth.debian.org
Fri Dec 21 07:29:45 UTC 2007
Author: rra
Date: 2007-12-21 07:29:45 +0000 (Fri, 21 Dec 2007)
New Revision: 938
Modified:
openldap/trunk/debian/changelog
openldap/trunk/debian/slapd.postinst
openldap/trunk/debian/slapd.scripts-common
Log:
* Create /etc/ldap/slapd.conf owned by the openldap group and mode 640
by default so that slapindex and friends can read it when run as the
openldap user. Fix permissions on upgrade if slapd.conf is owned by
root and mode 600. Closes: #432662
Modified: openldap/trunk/debian/changelog
===================================================================
--- openldap/trunk/debian/changelog 2007-12-21 07:11:58 UTC (rev 937)
+++ openldap/trunk/debian/changelog 2007-12-21 07:29:45 UTC (rev 938)
@@ -53,6 +53,10 @@
to statically link a dynamically-loaded slapi plugin.
[ Russ Allbery ]
+ * Create /etc/ldap/slapd.conf owned by the openldap group and mode 640
+ by default so that slapindex and friends can read it when run as the
+ openldap user. Fix permissions on upgrade if slapd.conf is owned by
+ root and mode 600. Closes: #432662
* If SLAPD_CONF is set to a directory in /etc/default/slapd, assume
the cn=config backend is used and start slapd with the appropriate
options. Based on a patch from Mike Burr. Closes: #411413.
Modified: openldap/trunk/debian/slapd.postinst
===================================================================
--- openldap/trunk/debian/slapd.postinst 2007-12-21 07:11:58 UTC (rev 937)
+++ openldap/trunk/debian/slapd.postinst 2007-12-21 07:29:45 UTC (rev 938)
@@ -59,6 +59,10 @@
# Update permissions of all database directories and /var/run/slapd
update_databases_permissions
update_permissions /var/run/slapd
+
+ # Versions prior to 2.4.7-1 could create a slapd.conf that wasn't
+ # readable by the openldap user.
+ update_slapd_conf_permissions
}
# }}}
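Review bot: The call to `update_slapd_conf_permissions` is not tied to the version its comment names, so as far as this hunk shows it runs on every pass through the enclosing function (which starts outside the hunk), not only when upgrading from a release before 2.4.7-1. An administrator who later restricts slapd.conf again would have the group and the group-read bit reapplied on each upgrade. Consider guarding the call with `dpkg --compare-versions` against the previously configured version, and say so in the comment, e.g. `# Only needed when upgrading from < 2.4.7-1; later versions create the file readable by the openldap group.`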
Modified: openldap/trunk/debian/slapd.scripts-common
===================================================================
--- openldap/trunk/debian/slapd.scripts-common 2007-12-21 07:11:58 UTC (rev 937)
+++ openldap/trunk/debian/slapd.scripts-common 2007-12-21 07:29:45 UTC (rev 938)
@@ -138,7 +138,19 @@
done
}
# }}}
+update_slapd_conf_permissions() { # {{{
+ if [ -n "$SLAPD_USER" ] && [ -n "$SLAPD_GROUP" ] ; then
+ if perl -e '
+ ($o, $m) = (stat $ARGV[0])[4,2];
+ exit 1 if ($o == 0 && ($m & 040) == 0);
+ ' "$SLAPD_CONF"; then
+ chgrp "$SLAPD_GROUP" "$SLAPD_CONF"
+ chmod g+r "$SLAPD_CONF"
+ fi
+ fi
+}
# }}}
+# }}}
# ----- Dumping and loading the data ------------------------------------ {{{
automatic_ldif_fixing_wanted_for() { # {{{
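Review bot: The test in `update_slapd_conf_permissions` looks inverted: the perl snippet exits 1 exactly when the file is owned by uid 0 and lacks group read, and the shell `if` runs `chgrp`/`chmod g+r` only on exit 0. The root-owned mode-600 file the log message targets is therefore skipped, while every other slapd.conf is regrouped and made group-readable. Since slapd.conf can hold rootdn credentials, widening access on files an administrator restricted on purpose is the wrong direction; I would have the snippet succeed only for the case being repaired, e.g. `exit 0 if (defined $o && $o == 0 && ($m & 040) == 0); exit 1;`. It would also help to require `[ -f "$SLAPD_CONF" ]` first, because the changelog context says SLAPD_CONF may be a cn=config directory, and a failed stat currently yields undef values that compare equal to 0.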
@@ -801,15 +813,18 @@
local conf_new
conf_new="$1"
- # On install and remove we don't have to backup the configuration file. Only
- # on upgrade.
- if [ "$MODE" = "upgrade" ]; then
- backup_config_once
- fi
+ # On install and remove we don't have to backup the configuration
+ # file. Only on upgrade.
+ if [ "$MODE" = "upgrade" ]; then
+ backup_config_once
+ fi
# Make sure we keep the permissions of an old slapd.conf
if [ -e "$SLAPD_CONF" ]; then
assign_permissions "$SLAPD_CONF" "$conf_new"
+ elif [ -n "$SLAPD_GROUP" ] ; then
+ chgrp "$SLAPD_GROUP" "$conf_new"
+ chmod 640 "$conf_new"
fi
mv "$conf_new" "$SLAPD_CONF"
}
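Review bot: The new `elif` branch sets a mode only when `SLAPD_GROUP` is non-empty; with it empty and no existing slapd.conf, `$conf_new` is moved into place with whatever mode it was created with, which this hunk does not show. Because the file may carry directory credentials, an explicit fallback such as `else chmod 600 "$conf_new"` would keep the result independent of the caller's umask. The function begins outside the hunk, so this assumes nothing earlier already restricts the temporary file.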