Bug 266811 - net/openldap26-server startup script generates chown: /var/db/openldap-data/.sujournal: Operation not permitted
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Xin LI
Reported: 2022-10-04 04:19 UTC by Olivier
Modified: 2022-10-21 17:44 UTC
bugzilla: maintainer-feedback? (delphij)


Description Olivier 2022-10-04 04:19:26 UTC

    
Comment 1 Olivier 2022-10-04 04:28:14 UTC
On FreeBSD releng 13.1-p2

Line 127 of the startup script does a:
  chown -RL "$slapd_owner" "${DBDIR}"

When the DBDIR resides on a separate file system and the operating system is running kern.securelevel: 1, the .sujournal of that file system cannot be modified because of the flag schg:

  # ls -lo /var/db/openldap-data/.sujournal
  4 65600 -r--------  1 root  wheel  schg,sunlnk,nodump,opaque 33554432 Sep 20 12:02 /var/db/openldap-data/.sujournal
  # mount -p |grep da1p1
  /dev/da1p1              /var/db/openldap-data   ufs     rw   2 2
  # /usr/local/etc/rc.d/slapd restart
  Stopping slapd.
  Waiting for PIDS: 41425.
  chown: /var/db/openldap-data/.sujournal: Operation not permitted
  Performing sanity check on slap configuration: OK
  Starting slapd.

slapd still starts with no issue, but that error can be unsettling.
Comment 2 Olivier 2022-10-07 02:39:25 UTC
As a side note, instead of setting the directory ownership automatically, in the back of the user, I find it more effective to test the ownership of the directory and abort the script with an error message if the directory's owner is not correct.

It forces the user to make the change themselves, but at least they know what is happening on their system.

Fixing things in the back of the owner is more a Linux/Windows philosophy that I don't think matches well with FreeBSD.
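
The check-and-abort approach proposed in Comment 2, as an added example that is not part of the bug report or of the port's rc script. The helper name `check_dbdir_owner` is hypothetical, and it assumes the owner value may be given as `user:group` (as chown accepts), of which only the user part is compared.

```shell
#!/bin/sh
# Added example: verify ownership instead of changing it.
# check_dbdir_owner is a hypothetical helper, not the port's code.
#
# usage: check_dbdir_owner OWNER DBDIR
# returns 0 if everything under DBDIR belongs to OWNER,
#         1 if some path has another owner (paths listed on stderr),
#         2 on bad arguments or if find itself fails.
check_dbdir_owner() {
    owner=${1%%:*}      # assumption: value may be "user:group"; keep the user
    dbdir=${2%/}
    if [ -z "$owner" ] || [ ! -d "$dbdir" ]; then
        echo "check_dbdir_owner: need an owner and an existing directory" >&2
        return 2
    fi
    # -L follows symlinks, matching the chown -RL in the rc script.
    # The soft-updates journal at the root of a UFS file system is
    # root-owned and schg, so it is excluded from the comparison.
    bad=$(find -L "$dbdir" ! -path "$dbdir/.sujournal" \
              ! -user "$owner" -print) || {
        echo "check_dbdir_owner: find failed on $dbdir" >&2
        return 2
    }
    if [ -n "$bad" ]; then
        echo "slapd: these paths are not owned by $owner:" >&2
        printf '%s\n' "$bad" >&2
        echo "slapd: fix the ownership and start the service again" >&2
        return 1
    fi
    return 0
}
```

An rc script using this would call it before the sanity check and stop on a non-zero status rather than running chown itself.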
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-10-21 17:44:03 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=682ba7c84914385be04215dadf481f2a3574d242

commit 682ba7c84914385be04215dadf481f2a3574d242
Author:     Xin LI <delphij@FreeBSD.org>
AuthorDate: 2022-10-21 17:39:00 +0000
Commit:     Xin LI <delphij@FreeBSD.org>
CommitDate: 2022-10-21 17:43:12 +0000

    net/openldap2[4-6]-server: suppress warning message when chown failed.

    On UFS with sujournal enabled, the journal is immutable and chown would
    fail. This would cause the script to issue an error when a separate UFS
    file system is used as OpenLDAP data store, which is not actionable and
    causes confusion.

    Reported by:    Olivier Nicole <on cs.ait.ac.th>
    PR:             ports/266811

 net/openldap24-server/Makefile       | 2 +-
 net/openldap24-server/files/slapd.in | 4 ++--
 net/openldap25-server/Makefile       | 2 +-
 net/openldap25-server/files/slapd.in | 4 ++--
 net/openldap26-server/Makefile       | 2 +-
 net/openldap26-server/files/slapd.in | 4 ++--
 6 files changed, 9 insertions(+), 9 deletions(-)