postinst ignores dpkg-statoverride

Bug #343762 reported by jablko
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)

Bug Description

Binary package hint: slapd

/var/lib/ldap is owner "openldap", group "openldap". I give it permission 770 so that members of the "openldap" group can run slapcat. I run a daily cron job to backup the LDAP directory using slapcat. Currently the job is in an "administrator" user's crontab. I prefer not to run the backup script as root. I suppose I could somehow run it as the "openldap" user? However I have so far made "administrator" a member of the "openldap" group, to have permission to run slapcat.

I added a dpkg-statoverride to give /var/lib/ldap permission 770:

administrator@amos:~$ dpkg-statoverride --list /var/lib/ldap
openldap openldap 770 /var/lib/ldap

- however whenever I upgrade the slapd package, the permission on /var/lib/ldap is reset to 750. I think this line (chmod) in slapd.postinst is responsible:

update_permissions() { # {{{
       [ -z "${SLAPD_USER}" ] || chown -R "${SLAPD_USER}" "${dir}"
       [ -z "${SLAPD_GROUP}" ] || chgrp -R "${SLAPD_GROUP}" "${dir}"
       chmod -R u=rwX,g=rX,o-rwx "${dir}"
# }}}

Mathias Gug (mathiaz)
Changed in openldap:
importance: Undecided → Low
status: New → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers