Too secure /tmp for OpenLDAP and OpenDKIM

I have a problem with permissions on the /tmp folder.
I've changed permissions from
Code:
drwxrwxrwt root wheel tmp/
to
Code:
drwxr-xr-t root wheel tmp/
Then I could not start OpenLDAP.
Can someone support me with this issue? (I want to keep 1755 permissions)
Code:
slapd[78705]: @(#) $OpenLDAP: slapd 2.4.45 (Jul  2 2017 07:29:37) $       root@110amd64-quarterly-job-03:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.45/servers/slapd
slapd[78706]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
slapd[78706]: mdb_db_open: database "dc=domain,dc=com" cannot be opened: File exists (17). Restore from backup!
I cannot find whether I could change temporary directory in OpenLDAP configuration file.
 
I harden my systems as much as possible.
I had a problem with OpenDKIM as well, but the configuration allows me to change the temporary directory path to my own.
Code:
TemporaryDirectory      /opendkim/tmp
I read that OpenLDAP uses the /usr/tmp which is symbolic link to /tmp but nothing more yet.
 
I've found two files responsible for setting path to temporary directory. (I think so)
Code:
/usr/ports/net/openldap24-server/work/openldap-2.4.45/build/config.guess
/usr/ports/net/openldap24-server/work/openldap-2.4.45/contrib/ldapc++/config.guess
These lines shortly describe a variable to path.
Code:
: ${TMPDIR=/tmp} ;
Firstly, these files are created during make in appropriate folder in ports.
Secondly, every time I do make clean and then make commands these files are created from source.
I've tried to set
Code:
chflags schange filename
to prevent removal of these files during make clean but an error occurs.
Is it possible to run make command and keep these files unchanged?
 
Code:
: ${TMPDIR=/tmp} ;
Ah, that's usually helpful. You might be able to configure the temporary folder by setting the $TMPDIR environment variable to a location where the LDAP user is able to write.
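An added example, not part of the thread: the `: ${TMPDIR=/tmp}` line assigns `/tmp` only when `TMPDIR` is unset, and whether a non-root account can create files in the resulting directory depends on the write and search bits that apply to it. The uid/gid 389 and the function names are constructed for illustration; only classic mode bits are modelled (no ACLs, MAC policies or supplementary groups).

```shell
#!/bin/sh
# Added example; uid/gid values are constructed, not taken from the thread.

# Resolve the temp directory the way the quoted line does.
# ${TMPDIR=/tmp} assigns only when TMPDIR is unset; an empty TMPDIR is kept
# (the ':=' form would replace an empty value as well).
resolve_tmpdir() (
    : ${TMPDIR=/tmp}
    printf '%s\n' "$TMPDIR"
)

# can_create MODE DIR_UID DIR_GID PROC_UID PROC_GID
# Succeeds if a process with PROC_UID/PROC_GID may create files in a
# directory that has octal MODE and is owned by DIR_UID:DIR_GID.
can_create() {
    mode=$((0$1))                       # leading 0 makes the constant octal
    if [ "$4" -eq 0 ]; then
        return 0                        # root is not limited by mode bits
    fi
    if [ "$4" -eq "$2" ]; then
        bits=$(( (mode >> 6) & 7 ))     # owner class
    elif [ "$5" -eq "$3" ]; then
        bits=$(( (mode >> 3) & 7 ))     # group class
    else
        bits=$(( mode & 7 ))            # other class
    fi
    [ $(( bits & 3 )) -eq 3 ]           # creating a file needs write + search
}

# /tmp owned by root:wheel (0:0), checked for a service account 389:389.
for m in 1777 1755; do
    if can_create "$m" 0 0 389 389; then r=yes; else r=no; fi
    echo "/tmp mode $m: uid 389 can create files: $r"
done

# A dedicated directory owned by the service account, mode 0700.
if can_create 0700 389 389 389 389; then
    echo "private dir 0700 owned by 389: usable by uid 389"
fi
```

The sticky bit (the leading 1) only restricts who may delete or rename entries; it does not grant or remove the ability to create them.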
 
Unfortunately, it doesn't work. I've set setenv TMPDIR /openldap/tmp for root user (because I use sudo make) without success. For standard user as well to be sure.
The question is: how can I provide these new lines before make? But make command creates these lines :cool:
 
I had a problem with PHP as well. So, I uncommented and changed the path to temp directory in php.ini file.
Code:
sys_temp_dir=/php/tmp
Anyway, I have the problem with MySQL. I've set
Code:
tmpdir = /mysql/tmp
socket = /mysql/tmp
in my.cnf without success.
I cannot run the mysql-server.
 