Bug#375533: Assertion failure in libnss-ldap
On Tue, Sep 26, 2006 at 01:29:40PM +0300, Damyan Ivanov wrote: Just wanted to confirm that changing /etc/libnss-ldap.conf's permissions to 0644 fixes the problem. But how did it get to 0600 in the first place? The postinst installs it to 0644... Did you ever change this? I'm unable to reproduce it on a fresh install. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375533: Assertion failure in libnss-ldap
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steinar H. Gunderson написа: On Tue, Sep 26, 2006 at 01:29:40PM +0300, Damyan Ivanov wrote: Just wanted to confirm that changing /etc/libnss-ldap.conf's permissions to 0644 fixes the problem. But how did it get to 0600 in the first place? The postinst installs it to 0644... Did you ever change this? I'm unable to reproduce it on a fresh install. It asks here via debconf. Perhaps the question is asked only the first time the package in installed. dpkg-reconfigure makes it ask the question again. dam - -- Damyan Ivanov Modular Software Systems [EMAIL PROTECTED] phone +359(2)928-2611, 929-3993 fax +359(2)920-0994 mobile +359(88)856-6067 [EMAIL PROTECTED]/Gaim -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFHRNOHqjlqpcl9jsRAqITAKCKmYmfNunkcG3EEIIwIX7ct5anrQCeOLO2 5aNpukA1S2KmRXWLNibj6Bw= =fyeJ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375533: Assertion failure in libnss-ldap
On Fri, Sep 29, 2006 at 04:36:30PM +0400, Damyan Ivanov wrote: It asks here via debconf. Perhaps the question is asked only the first time the package in installed. dpkg-reconfigure makes it ask the question again. Hm. The template says: _Description: make configuration readable/writeable by owner only Should the libnss-ldap configuration file be readable and writable only by the file owner? . If you use passwords in your libnss-ldap configuration, it is usually a good idea to have the configuration set with mode 0600 (readable and writable only by the file's owner). . Note: As a sanity check, libnss-ldap will check if you have nscd installed and will only set the mode to 0600 if nscd is present. So if you explicitly set it, and then stop nscd, it will break. That's not really anything libnss-ldap can do anything about, is it? /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375533: Assertion failure in libnss-ldap
severity 375533 normal tanks On Fri, Sep 29, 2006 at 03:10:18PM +0200, Steinar H. Gunderson wrote: So if you explicitly set it, and then stop nscd, it will break. That's not really anything libnss-ldap can do anything about, is it? I'm downgrading this; I can't find that it would be RC, given that the user has set this himself/herself, and has already been warned. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#375533: Assertion failure in libnss-ldap
Hi, Just wanted to confirm that changing /etc/libnss-ldap.conf's permissions to 0644 fixes the problem. To do this properly, I had to re-configure the package (dpkg-reconfigure libnss-ldap), since hand-fixed perms get reset on upgrade. Does libnss-ldap.conf need to be 0600 at all? As far as I see, the password is in a separate file, so nothing is exposed, right? dam -- Damyan Ivanov Modular Software Systems [EMAIL PROTECTED] phone +359(2)928-2611, 929-3993 fax +359(2)920-0994 mobile +359(88)856-6067 [EMAIL PROTECTED]/Gaim signature.asc Description: OpenPGP digital signature