[EMAIL PROTECTED] writes: >> There are more ways (than slapindex) to break file ownership. > > There is, and we should probably also do that, but slapindex is far and > away the most common and it would be cool if we could catch the problem > before it happens instead of just warning afterwards.
slapadd has the same problem. For that matter, starting slapd without -u can mess up for when you restart with -u. So we can just as well make it general: If root opens a database for writing, fail instead if the directory or database file is not owned by root. Unless a slapd.conf option says differently I guess. Not sure if the default should be to check that for slapd as well as the tools. -- Hallvard
