Too secure /tmp for OpenLDAP and OpenDKIM

IPTRACE

I have a problem with permissions on the /tmp folder.
I've changed permissions from
Code:
drwxrwxrwt root wheel tmp/
to
Code:
drwxr-xr-t root wheel tmp/
Then I could not start OpenLDAP.
Can someone support me with this issue? (I want to keep 1755 permissions)
Code:
slapd[78705]: @(#) $OpenLDAP: slapd 2.4.45 (Jul  2 2017 07:29:37) $       root@110amd64-quarterly-job-03:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.45/servers/slapd
slapd[78706]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
slapd[78706]: mdb_db_open: database "dc=domain,dc=com" cannot be opened: File exists (17). Restore from backup!
I cannot find whether I can change the temporary directory in the OpenLDAP configuration file.
 
IPTRACE

I harden my systems as much as possible.
I had a problem with OpenDKIM as well, but the configuration allows me to change the temporary directory path to my own.
Code:
TemporaryDirectory      /opendkim/tmp
I read that OpenLDAP uses /usr/tmp, which is a symbolic link to /tmp, but nothing more yet.
 
IPTRACE

I've found two files responsible for setting the path to the temporary directory. (I think so)
Code:
/usr/ports/net/openldap24-server/work/openldap-2.4.45/build/config.guess
/usr/ports/net/openldap24-server/work/openldap-2.4.45/contrib/ldapc++/config.guess
These lines briefly describe a variable for the path.
Code:
: ${TMPDIR=/tmp} ;
Firstly, these files are created during make in the appropriate folder in ports.
Secondly, every time I run the make clean and then make commands, these files are created from source.
I've tried to set
Code:
chflags schange filename
to prevent removal of these files during make clean, but an error occurs.
Is it possible to run make command and keep these files unchanged?
 

SirDice


Code:
: ${TMPDIR=/tmp} ;
Ah, that's usually helpful. You might be able to configure the temporary folder by setting the $TMPDIR environment variable to a location where the LDAP user is able to write.
 
IPTRACE

Unfortunately, it doesn't work. I've set setenv TMPDIR /openldap/tmp for the root user (because I use sudo make) without success. For a standard user as well, to be sure.
The question is: how can I provide these new lines before make? But the make command creates these lines :cool:
 
IPTRACE

I had a problem with PHP as well. So, I uncommented and changed the path to the temp directory in the php.ini file.
Code:
sys_temp_dir=/php/tmp
Anyway, I have the problem with MySQL. I've set
Code:
tmpdir = /mysql/tmp
socket = /mysql/tmp
in my.cnf without success.
I can not run the mysql-server.
 
IPTRACE

My little mistake.
Code:
socket = /mysql/tmp/mysql.sock
does the job.
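
The effect of the mode change from the first post on a daemon that runs as an unprivileged user, as an added example that is not part of the thread: it decodes the two ls mode strings shown there and applies the classic UNIX permission check (no ACLs or MAC). The numeric ids and the ownership of /openldap/tmp are constructed assumptions.

```python
import stat

def parse_ls_mode(text):
    """Turn an ls -l mode string such as 'drwxr-xr-t' into numeric mode bits."""
    special = {2: stat.S_ISUID, 5: stat.S_ISGID, 8: stat.S_ISVTX}
    mode = 0
    for i, ch in enumerate(text[1:10]):
        if ch in "rwxst":                 # lowercase s/t also imply execute
            mode |= 0o400 >> i
        if ch in "sStT":                  # setuid, setgid or sticky bit
            mode |= special.get(i, 0)
    return mode

def can_create_files(mode, dir_uid, dir_gid, uid, gids):
    """May a process with (uid, gids) create files in this directory?
    Creating a file needs write and search (execute) on the directory."""
    if uid == 0:
        return True                       # root is not limited by mode bits
    if uid == dir_uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif dir_gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return (mode & need) == need

# Constructed sample data: the numeric ids and the owner of /openldap/tmp
# are assumptions, not values taken from the thread.
ROOT, WHEEL, LDAP = 0, 0, 389
CASES = [
    ("/tmp", "drwxrwxrwt", ROOT, WHEEL),        # default mode, 1777
    ("/tmp", "drwxr-xr-t", ROOT, WHEEL),        # hardened mode, 1755
    ("/openldap/tmp", "drwx------", LDAP, LDAP),  # private per-service dir
]

def report(uid, gids):
    """Return (path, octal mode, can create files?) for each sample directory."""
    rows = []
    for path, text, d_uid, d_gid in CASES:
        mode = parse_ls_mode(text)
        ok = can_create_files(mode, d_uid, d_gid, uid, gids)
        rows.append((path, oct(mode), ok))
    return rows

if __name__ == "__main__":
    for path, mode, ok in report(LDAP, {LDAP}):
        print(f"{path:15} {mode:8} service user can create files: {ok}")
```

With /tmp at 1755 owned by root:wheel, only root passes the check, so each service needs its own directory that its account owns.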
 