[389-users] db2ldif as non root user

Mitja Mihelič mitja.mihelic at arnes.si
Tue Oct 13 11:34:48 UTC 2009



Rich Megginson wrote:
> Mitja Mihelič wrote:
>> Greetings all fellow Fedora Directory Server users!
>>
>>
>> Is it possible to dump the database to an LDIF file as a non-root user?
>>
>> I have no problem doing this as root.
>>
>> I would like to run
>> /usr/lib/dirsrv/slapd-example/db2ldif -a /tmp/dbdump.ldif -n userRoot
>> from a remote machine via ssh and I would really like to avoid 
>> connecting to the machine as root.
>>
>> Has anyone had any experience in doing this if it is at all possible?
> You can also use the task interface to invoke this task via LDAP 
> remotely.  See /usr/lib/dirsrv/slapd-example/db2ldif.pl for more 
> information.
Rich, I tried your suggestion and it worked.
Here is what I did to get it working:
- as root: chmod o+rx /usr/lib/dirsrv/slapd-example/db2ldif.pl
- as user: /usr/lib/dirsrv/slapd-example/db2ldif.pl -D "cn=Directory manager" -w secret -a /tmp/dbdump.ldif -n userRoot

This produced an LDIF dump as it should.
Since it was written by the ldapmodify command (if I am reading the 
script correctly) it is owned by nobody:
-rw------- 1 nobody nobody 136140945 Oct 13 09:34 dbdump.ldif
Of course now the dump cannot be read by the user that initiated the 
operation.

I failed to mention that after the dump is created, it is supposed to be 
copied (via scp) to the machine that initiated the dump.
The remote machine issues the following commands:
# ssh user@example.com /usr/lib/dirsrv/slapd-example/db2ldif.pl -D "cn=Directory manager" -w secret -a /tmp/dbdump.ldif -n userRoot
# scp user@example.com:/tmp/dbdump.ldif /home/user/dbdump.ldif

The only way I see around this problem is to let the server run as a 
user other than "nobody". Or is there another way?

Regards,
Mitja
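
The task interface mentioned in the quoted reply works by adding an entry under cn=export,cn=tasks,cn=config, after which the server carries out the export to the file named in nsFilename. The following is an added example, not part of the original thread and not the project's own script, that builds such an entry; the function name, the task name and the input checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build the cn=export task entry used by the LDAP task interface.
# nsInstance and nsFilename are the export task's attributes; the function
# name, task name and sample values are assumptions made for this illustration.

# export_task_ldif BACKEND OUTFILE [TASKNAME]
# Prints the LDIF for the task entry on stdout; returns 1 on bad input.
export_task_ldif() {
    backend=$1
    outfile=$2
    task=${3:-export_$(date -u +%Y%m%d%H%M%S)}
    nl='
'

    # Backend and task name end up in the DN and in attribute values, so
    # restrict them to characters that need no LDIF or RDN escaping.
    for v in "$backend" "$task"; do
        case $v in
            ''|*[!A-Za-z0-9_-]*) echo "invalid name: $v" >&2; return 1 ;;
        esac
    done
    # A newline in the path would inject extra attribute lines into the
    # entry; the path must also be absolute because the server opens it.
    case $outfile in
        *"$nl"*) echo "newline in output path" >&2; return 1 ;;
        /*) ;;
        *) echo "output path must be absolute" >&2; return 1 ;;
    esac

    cat <<EOF
dn: cn=$task,cn=export,cn=tasks,cn=config
changetype: add
objectClass: top
objectClass: extensibleObject
cn: $task
nsInstance: $backend
nsFilename: $outfile
EOF
}

# Constructed sample call using the backend and path from the thread.
export_task_ldif userRoot /tmp/dbdump.ldif export_sample
```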



