LDAP sets permission bits to 666 for slapd.args and slapd.pid on startup


Article ID: 246407


Products

Top Secret, Top Secret - LDAP, LDAP SERVER FOR Z/OS

Issue/Introduction

LDAP sets the permission bits for 'other' users to rw- on these two files at startup, which exposes us to trojan horse and backdoor attacks according to zSecure. Can LDAP be changed to set the permission bits for these files to 755 (or another combination that prevents WRITE permission for 'other' users)?

Environment

Release : 16.0

Component : LDAP Server

Resolution

If you don't need those files for anything, you can remove them from slapd.conf. Then they won't even be created.

 

Just comment out with a # or remove:

pidfile      ./slapd.pid
argsfile     ./slapd.args

 

These are from the sample slapd.conf files and should be removed as well.
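A way to check a configuration for these two directives, flag any resulting file that 'other' can write to, and produce a copy with the directives commented out. This is an added example, not vendor-supplied code; the function names are hypothetical, and it assumes relative paths such as ./slapd.pid resolve against a base directory you pass in (the server's working directory).

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: relative paths in slapd.conf
# resolve against BASEDIR, the LDAP server's working directory.

# Print "directive path" for each active (uncommented) pidfile/argsfile line.
# Directive names are matched case-insensitively to be safe.
list_state_files() {
    awk 'tolower($1) == "pidfile" || tolower($1) == "argsfile" { print tolower($1), $2 }' "$1"
}

# Report each configured file; return 1 if any is writable by 'other'.
audit_state_files() {
    conf=$1; base=$2; rc=0
    while read -r directive path; do
        [ -n "$directive" ] || continue
        case $path in
            /*) full=$path ;;
            *)  full=$base/${path#./} ;;
        esac
        if [ ! -e "$full" ]; then
            echo "$directive $full absent"
        elif [ -n "$(find "$full" -prune -perm -0002)" ]; then
            echo "$directive $full WORLD-WRITABLE"
            rc=1
        else
            echo "$directive $full ok"
        fi
    done <<EOF
$(list_state_files "$conf")
EOF
    return $rc
}

# Emit CONF with both directives commented out, as the resolution suggests.
disable_state_files() {
    awk 'tolower($1) == "pidfile" || tolower($1) == "argsfile" { print "#" $0; next } { print }' "$1"
}

# Constructed demo: a sample config and a pid file created with mode 666.
demo=$(mktemp -d)
printf 'pidfile   ./slapd.pid\nargsfile  ./slapd.args\n' > "$demo/slapd.conf"
: > "$demo/slapd.pid"; chmod 666 "$demo/slapd.pid"
audit_state_files "$demo/slapd.conf" "$demo" || echo "world-writable state file found"
disable_state_files "$demo/slapd.conf" > "$demo/slapd.conf.new"
audit_state_files "$demo/slapd.conf.new" "$demo" && echo "no state files configured"
rm -rf "$demo"
```

Files left over from earlier startups are not deleted by the configuration change, so remove them separately once the directives are commented out.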