unix socket permissions
Jason Joines
Mon Feb 7 10:40:19 PST 2005
Is there anything special about setting permissions on unix
sockets? I've been using OpenLDAP for authentication for quite some
time but have just recently started playing around with ldapi and unix
sockets. The socket is /var/run/slapd/ldapi with these permissions on
the path.
myhost:~> ls -ld / /var /var/run /var/run/slapd /var/run/slapd/*
drwxr-xr-x 21 root root 4096 2005-01-25 09:40 /
drwxr-xr-x 15 root root 4096 2005-01-19 16:37 /var
drwxr-xr-x 14 root root 4096 2005-02-04 16:54 /var/run
drwxr-xr-x 2 ldap ldap 4096 2005-02-07 09:31 /var/run/slapd
srwxr-xr-x 1 root root 0 2005-02-07 09:31 /var/run/slapd/ldapi
An ldapsearch against that socket as the user root works just fine.
myhost:~ # ldapsearch -LLL -x -H ldapi://%2fvar%2frun%2fslapd%2fldapi uid=bogus dn
dn: uid=bogus,dc=my,dc=domain,dc=org
However, searches from a non-root user fail.
myhost:~> ldapsearch -LLL -x -H ldapi://%2fvar%2frun%2fslapd%2fldapi uid=bogus dn
ldap_bind: Can't contact LDAP server (-1)
The original permissions were the same as those above with the
exception of /var/run/slapd which was drwx------. I changed the
permissions so non-root users can access the socket via filesystem but
it still hasn't enabled them to use it in a search.
Any ideas?
Jason Joines
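
Added example, not part of the original post: on Linux, unix(7) documents that connecting to a pathname socket requires write permission on the socket file, in addition to search permission on every directory leading to it. The Python sketch below checks both from the mode bits for a given uid; the function names and uid 1000 are assumptions made for illustration, and it is best run as root so every path component can be stat'ed.

```python
import os
import stat
import sys

def class_bits(st, uid, gids):
    """rwx bits that apply to (uid, gids): owner, else group, else other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7

def connect_blockers(sock_path, uid, gids=()):
    """Return (path, reason) pairs that would stop uid from connect()ing.

    Mode bits only (no ACLs, capabilities or LSM policy); uid 0 bypasses them.
    """
    if uid == 0:
        return []
    target = os.path.realpath(sock_path)
    # Directories from / down to the socket's parent, in traversal order.
    dirs, d = [], os.path.dirname(target)
    while d not in dirs:
        dirs.insert(0, d)
        d = os.path.dirname(d)
    blockers = []
    try:
        for d in dirs:
            if not class_bits(os.stat(d), uid, gids) & 0o1:
                blockers.append((d, "directory lacks search (x)"))
        st = os.stat(target)
    except OSError as exc:  # missing path, or the caller itself cannot stat it
        return blockers + [(exc.filename, "stat failed: " + exc.strerror)]
    if not stat.S_ISSOCK(st.st_mode):
        blockers.append((target, "not a socket"))
    elif not class_bits(st, uid, gids) & 0o2:
        # Linux unix(7): connecting requires write permission on the socket.
        blockers.append((target, "socket lacks write (w)"))
    return blockers

if __name__ == "__main__":
    # Default is the socket path from the post; uid 1000 is a constructed example.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/run/slapd/ldapi"
    for where, why in connect_blockers(path, uid=1000):
        print(f"{where}: {why}")
```
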