 Relationships |
|
| Anonymous | Login | 2024-04-20 08:38 CEST |
| Main | My View | View Issues |
| Viewing Issue Simple Details [ Jump to Notes ] | [ View Advanced ] [ Issue History ] [ Print ] | |||||||||||
| ID | Category | Severity | Reproducibility | Date Submitted | Last Update | |||||||
| 0001602 | [openldap] packaging | feature | always | 2006-05-15 07:36 | 2010-06-20 11:16 | |||||||
| Reporter | amaier | View Status | public | |||||||||
| Assigned To | asmoore | |||||||||||
| Priority | normal | Resolution | open | |||||||||
| Status | assigned | |||||||||||
| Summary | 0001602: slapd should be running as non-root user | |||||||||||
| Description |
Is there any need to run slapd as user root ? Solaris allows use of privilege ports for non-root users. See here for details: http://www.sun.com/blueprints/0505/819-2680.pdf [^] This would improve security. |
|||||||||||
| Additional Information | ||||||||||||
| Tags | No tags attached. | |||||||||||
| Attached Files | ||||||||||||
|
|
||||||||||||
|
Relationships |
|
|
Notes |
|
|
(0003452) asmoore (reporter) 2006-05-15 07:44 edited on: 2006-05-15 07:53 |
Absolutely. (edited) I do NOT recommend running slapd as root. That is only the default. Would you please read /opt/csw/share/doc/openldap/README.CSW? Also check the \'View news and info\' notes on the package\'s web site for any updated information or additional notes. edited on: 05-15 07:53 |
|
(0003453) asmoore (reporter) 2006-05-15 07:52 |
Well, sorry. That is what I get for being in a hurry. I have to leave for work in a few minutes. I do NOT recommend running slapd as root. That is what I intended to say. Sorry for the confusion. Read README.CSW. Also utilize /etc/opt/csw/openldaprc for maximum flexibility. |
|
(0003456) amaier (reporter) 2006-05-16 08:41 |
Well I just copied /opt/csw/etc/openldap/slapd.conf.default to /opt/csw/etc/openldap/slapd.conf and then openldap is running as \"root\". This bug is about simplifying the installation process by configuring openldap to run with non-root permissions by default. One way to accomplish this is explained in the link above, which I found very interesting. |
|
(0008045) rupert (developer) 2010-06-20 11:16 |
you mean this, in case of apache2: # svccfg -s apache2 svc:/network/http:apache2> setprop start/user = astring: webservd svc:/network/http:apache2> setprop start/group = astring: webservd svc:/network/http:apache2> setprop start/privileges = astring: basic,!proc_session,!proc_info,!file_link_any,net_privaddr svc:/network/http:apache2> setprop start/limit_privileges = astring: :default svc:/network/http:apache2> setprop start/use_profile = boolean: false svc:/network/http:apache2> setprop start/supp_groups = astring: :default svc:/network/http:apache2> setprop start/working_directory = astring: :default svc:/network/http:apache2> setprop start/project = astring: :default svc:/network/http:apache2> setprop start/resource_pool = astring: :default svc:/network/http:apache2> end # svcadm -v refresh apache2 Action refresh set for svc:/network/http:apache2. |
| Copyright © 2000 - 2008 Mantis Group |  |
