Re: WLUS development perspective

[Bjorn Ove Grotan <bgrotan@samfundet.no>]

Geert Stappers:
> On Sun, May 08, 2005 at 08:47:19AM +0200, Andreas Schuldei wrote:
>  <snip/> 
> > ideas, suggestions?
> 
> There was an posting from Barbarossa
> with the idea of putting "root privilegde required commands" in a queue
> and execute it as root.
> 
> My contrib:
> use 
>    include /etc/ldap/acces/
> like
>    include /etc/ldap/schema/
> in /etc/ldap/slapd{,-debian-edu}.conf 
> That will make it easier to update the access permissions.

True.. like suggested in http://www.grotan.com/ldap/slapd.access.conf
If I'm not mistaken (I might be though ;), "include" takes a file, not a
directory. At least, this will make it a bit more tidy until we can make
use of ACI-objects inside the database rather than access instructions
in a configfile where the server has to be HUPed to re-read the
instructions.

I'm not very fond of adding root privileged-required commands in a
queue, since this very well can be used go gain root-access or do
serious damage to a system (`rm -rf` comes to mind). What are the actual
commands that need root privileges? Making new homedirectories and
running a set of chmod,chown,chgrp on it?

-- 
Regards
 
Bjørn Ove Grøtan