postinst ignores dpkg-statoverride
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openldap (Ubuntu) |
Triaged
|
Low
|
Unassigned | ||
Bug Description
Binary package hint: slapd
/var/lib/ldap is owner "openldap", group "openldap". I give it permission 770 so that members of the "openldap" group can run slapcat. I run a daily cron job to backup the LDAP directory using slapcat. Currently the job is in an "administrator" user's crontab. I prefer not to run the backup script as root. I suppose I could somehow run it as the "openldap" user? However I have so far made "administrator" a member of the "openldap" group, to have permission to run slapcat.
I added a dpkg-statoverride to give /var/lib/ldap permission 770:
administrator@
openldap openldap 770 /var/lib/ldap
administrator@
- however whenever I upgrade the slapd package, the permission on /var/lib/ldap is reset to 750. I think this line (chmod) in slapd.postinst is responsible:
[...]
update_
dir="$1"
[ -z "${SLAPD_USER}" ] || chown -R "${SLAPD_USER}" "${dir}"
[ -z "${SLAPD_GROUP}" ] || chgrp -R "${SLAPD_GROUP}" "${dir}"
chmod -R u=rwX,g=rX,o-rwx "${dir}"
}
# }}}
[...]
| Changed in openldap: | |
| importance: | Undecided → Low |
| status: | New → Triaged |
