postinst ignores dpkg-statoverride

Bug #343762 reported by jablko
2
Affects Status Importance Assigned to Milestone
openldap (Ubuntu)
Triaged
Low
Unassigned

Bug Description

Binary package hint: slapd

/var/lib/ldap is owner "openldap", group "openldap". I give it permission 770 so that members of the "openldap" group can run slapcat. I run a daily cron job to backup the LDAP directory using slapcat. Currently the job is in an "administrator" user's crontab. I prefer not to run the backup script as root. I suppose I could somehow run it as the "openldap" user? However I have so far made "administrator" a member of the "openldap" group, to have permission to run slapcat.

I added a dpkg-statoverride to give /var/lib/ldap permission 770:

administrator@amos:~$ dpkg-statoverride --list /var/lib/ldap
openldap openldap 770 /var/lib/ldap
administrator@amos:~$

- however whenever I upgrade the slapd package, the permission on /var/lib/ldap is reset to 750. I think this line (chmod) in slapd.postinst is responsible:

[...]
update_permissions() { # {{{
       dir="$1"
       [ -z "${SLAPD_USER}" ] || chown -R "${SLAPD_USER}" "${dir}"
       [ -z "${SLAPD_GROUP}" ] || chgrp -R "${SLAPD_GROUP}" "${dir}"
       chmod -R u=rwX,g=rX,o-rwx "${dir}"
}
# }}}
[...]

Mathias Gug (mathiaz)
Changed in openldap:
importance: Undecided → Low
status: New → Triaged
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.