Re: WLUS development perspective
Geert Stappers:
> On Sun, May 08, 2005 at 08:47:19AM +0200, Andreas Schuldei wrote:
> <snip/>
> > ideas, suggestions?
>
> There was an posting from Barbarossa
> with the idea of putting "root privilegde required commands" in a queue
> and execute it as root.
>
> My contrib:
> use
> include /etc/ldap/acces/
> like
> include /etc/ldap/schema/
> in /etc/ldap/slapd{,-debian-edu}.conf
> That will make it easier to update the access permissions.
True.. like suggested in http://www.grotan.com/ldap/slapd.access.conf
If I'm not mistaken (I might be though ;), "include" takes a file, not a
directory. At least, this will make it a bit more tidy until we can make
use of ACI-objects inside the database rather than access instructions
in a configfile where the server has to be HUPed to re-read the
instructions.
I'm not very fond of adding root privileged-required commands in a
queue, since this very well can be used go gain root-access or do
serious damage to a system (`rm -rf` comes to mind). What are the actual
commands that need root privileges? Making new homedirectories and
running a set of chmod,chown,chgrp on it?
--
Regards
Bjørn Ove Grøtan
Reply to: