[Fedora-directory-users] Re: Fedora-directory-users Digest, Vol 7, Issue 15

Kevin M. Goess ktemp at ensenda.com
Wed Dec 7 01:08:49 UTC 2005


On Tuesday 06 December 2005 01:33 pm, 
fedora-directory-users-request at redhat.com wrote:
> This is a permissions problem.  Did you use the same user for the
> directory server as for the admin server?

Nope, I used ldap for the directory server, which seems to work fine, and was 
trying to use 'ldapas' for the admin server.

> What's in the file /tmp/file2dDMoZ?

$ ls -lF /tmp/file2dDMoZ
-rw-r--r--  1 root root 0 Dec  6 13:12 /tmp/file2dDMoZ

An empty file, owned by root. 


> What is the output of
> ls -l admin-serv/config
> ?

$ ls -al admin-serv/config/
total 60
drwxr-xr-x  2 ldapas ldapas  4096 2005-12-06 16:59 .
drwxr-xr-x  6 ldapas ldapas  4096 2005-12-06 16:59 ..
-rw-------  1 ldapas root     347 2005-12-06 16:59 adm.conf
-rw-------  1 ldapas ldapas    39 2005-12-06 16:59 admpw
-rw-------  1 ldapas root    3537 2005-12-06 16:59 admserv.conf
-rw-------  1 ldapas root    3722 2005-12-06 16:59 console.conf
-rw-------  1 ldapas root   26608 2005-12-06 16:59 httpd.conf
-rw-------  1 ldapas root    4573 2005-12-06 16:59 nss.conf


> >On a side note, is there any reason not to use the standard redhat 
> >"ldap" user  
> >instead of "nobody" for the default suggested slapd user?
> 
> You should be able to use "ldap".
> 
> >My impression was 
> >that "nobody" should not own any files on the filesystem.

Then would this be the place to suggest making the suggested default "ldap" 
instead of "nobody"?  I know at least one sysadmin who would be saved the 
trouble of pulling out his hair in handfuls when he saw important system 
files owned by the "nobody" user.


-- 
Kevin M. Goess
(415) 277-2079
Ensenda, Inc.



