Timestamp:
01/29/2014 04:40:48 PM (10 years ago)
Author:
Fernando de Oliveira <fernando@…>
Branches:
10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 12.0, 12.1, 7.10, 7.5, 7.6, 7.6-blfs, 7.6-systemd, 7.7, 7.8, 7.9, 8.0, 8.1, 8.2, 8.3, 8.4, 9.0, 9.1, basic, bdubbs/svn, elogind, gnome, kde5-13430, kde5-14269, kde5-14686, kea, ken/TL2024, ken/inkscape-core-mods, ken/tuningfonts, krejzi/svn, lazarus, lxqt, nosym, perl-modules, plabs/newcss, plabs/python-mods, python3.11, qt5new, rahul/power-profiles-daemon, renodr/vulkan-addition, systemd-11177, systemd-13485, trunk, upgradedb, xry111/intltool, xry111/llvm18, xry111/soup3, xry111/test-20220226, xry111/xf86-video-removal
Children:
dac0ab8
Parents:
c132a23e
Message:

openldap-2.4.39. Fix again. Thanks Armin K.

git-svn-id: svn://svn.linuxfromscratch.org/BLFS/trunk/BOOK@12645 af4574ff-66df-0310-9fd7-8a98e5e911e0

File:
1 edited

  • server/other/openldap.xml

    rc132a23e r117309d  
    207207<screen role="root"><userinput>make install &amp;&amp;
    208208
    209 chown -v -R ldap:ldap /var/lib/openldap                           &amp;&amp;
    210 chmod -v 0644 /var/lib/openldap/DB_CONFIG.example                 &amp;&amp;
    211 chmod -v 0644 /etc/openldap/{slapd.{conf,ldif},DB_CONFIG.example} &amp;&amp;
     209chmod -v 700 /var/lib/openldap                                         &amp;&amp;
     210chown -v -R ldap:ldap /var/lib/openldap                                &amp;&amp;
     211chmod -v 640 /etc/openldap/{slapd.{conf,ldif},DB_CONFIG.example}       &amp;&amp;
     212chown -v root:ldap /etc/openldap/{slapd.{conf,ldif},DB_CONFIG.example} &amp;&amp;
     213install -v -dm700 -o ldap -g ldap /etc/openldap/slapd.d                &amp;&amp;
    212214
    213215install -v -dm755  /usr/share/doc/openldap-&openldap-version; &amp;&amp;
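Review bot: new line 209, `chmod -v 700 /var/lib/openldap`, is not recursive, while the removed line 210 set an explicit mode on /var/lib/openldap/DB_CONFIG.example. After this change the files under /var/lib/openldap keep whatever mode `make install` gave them and are shielded only by the directory's own mode. If relying on the 700 directory is intended, say so in the accompanying text; otherwise add an explicit chmod for the files inside it. Separately, new lines 211 and 212 spell out the same brace list twice; a typo in one of them would leave mode and ownership out of step, so it is worth checking both lines together whenever the file list changes.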
     
    215217cp -vfr doc/rfc    /usr/share/doc/openldap-&openldap-version; &amp;&amp;
    216218cp -vfr doc/guide  /usr/share/doc/openldap-&openldap-version;</userinput></screen>
     219
     220    <para>
     221      Having slapd configuration files and ldap databases in /var/lib/openldap
     222      readable by anyone is a SECURITY ISSUE, especially since a file stores
     223      admin password in PLAIN TEXT. That's why mode 640 and root:ldap ownership
     224      were used. Owner is root, so only root can modify the file, and group is
     225      ldap, so that the group which owns slapd daemon could read but not modify
     226      the file in case of a security breach.
     227    </para>
    217228
    218229  </sect2>
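Review bot: the added paragraph at new lines 221-226 reads "slapd configuration files and ldap databases in /var/lib/openldap", but the commands in this same changeset put the configuration files in /etc/openldap and only the database directory in /var/lib/openldap; reword so each path is attached to the right item. The paragraph also explains only the 640 and root:ldap choice, leaving the 700 mode on /var/lib/openldap (new line 209) and on /etc/openldap/slapd.d (new line 213) without a rationale, and "a file stores admin password" does not say which file is meant. Suggest naming that file, covering the two 700 directories in a sentence, and replacing the all-caps emphasis with normal markup.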