/usr/sbin/ds_systemd_ask_password_acl is in 389-ds-base 1.3.7.10-1ubuntu1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | #!/bin/sh
# BEGIN COPYRIGHT BLOCK
# Copyright (C) 2016 Red Hat, Inc.
#
# All rights reserved.
#
# License: GPL (version 3 or any later version).
# See LICENSE for details.
# END COPYRIGHT BLOCK
# Systemd has not fixed the issue at https://bugzilla.redhat.com/show_bug.cgi?id=1322167
# As a result, we need a way to fix the permissions as we start.
# We have to reset these each time, as this folder is on a tmpfs.
# If we don't do this, we can't prompt for the password!
# If you want this script to go away, fix the bugzilla so we don't need it!
# Make sure we have the path to the dse.ldif
if [ -z $1 ]
then
echo "usage: ${0} /etc/dirsrv/slapd-<instance>/dse.ldif"
exit 1
fi
# Grep the user out
DS_USER=`grep 'nsslapd-localuser: ' $1 | awk '{print $2}'`
# Now apply the acl
if [ -d /var/run/systemd/ask-password ]
then
setfacl -m u:${DS_USER}:rwx /var/run/systemd/ask-password
fi
|