From 3760b43241b579406242961c551b9fb25b0c673b Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Sat, 21 Jul 2018 11:14:08 +0200
Subject: [PATCH 01/10] Create /var/run/nslcd/socket after dropping privileges
This is needed to avoid a problem where a call to initgroups() can result in NSS lookups. If nscd is configured the mechanism to avoid loopback lookups using nss_ldap_enablelookups will not work and cause for delays on start-up. Note that this changes ownership of the socket to the user running nslcd.
---
 nslcd/nslcd.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/nslcd/nslcd.c b/nslcd/nslcd.c
index 82c09ab..be14ac9 100644
--- a/nslcd/nslcd.c
+++ b/nslcd/nslcd.c
@@ -2,7 +2,7 @@ nslcd.c - ldap local connection daemon Copyright (C) 2006 West Consulting
- Copyright (C) 2006-2017 Arthur de Jong
+ Copyright (C) 2006-2018 Arthur de Jong
 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
@@ -769,8 +769,6 @@ int main(int argc, char *argv[])
 exit(EXIT_FAILURE);
 }
 adjust_oom_score();
- /* create socket */
- nslcd_serversocket = create_socket(NSLCD_SOCKET);
 /* start subprocess to do invalidating if reconnect_invalidate is set */
 for (i = 0; i < LM_NONE; i++)
 if (nslcd_cfg->reconnect_invalidate[i])
@@ -825,6 +823,8 @@ int main(int argc, char *argv[])
 }
 log_log(LOG_DEBUG, "setuid(%lu) done", (unsigned long int)nslcd_cfg->uid);
 }
+ /* create socket */
+ nslcd_serversocket = create_socket(NSLCD_SOCKET);
 /* start worker threads */
 log_log(LOG_INFO, "accepting connections");
 nslcd_threads = (pthread_t *)malloc(nslcd_cfg->threads * sizeof(pthread_t));
--
2.19.1
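Review bot: The relocated `nslcd_serversocket = create_socket(NSLCD_SOCKET);` in the last hunk now runs as `nslcd_cfg->uid` whenever a uid is configured, so the socket is created and owned by the unprivileged user; the directory holding it must be writable by that uid, and any process running as that uid can then remove or replace the socket that local clients connect to. Nothing in the patch checks the directory's owner or mode, so a root-owned directory left by an earlier install would presumably make socket creation fail at start-up (create_socket itself is not shown here). I would record the ordering constraint at the call, e.g. `/* create socket only after dropping privileges: the earlier initgroups() call may trigger NSS lookups that must not reach our own socket */`, and state the directory ownership requirement in the upgrade notes. The body of main() starts and ends outside the hunk, so whether start-up is reported as complete before the socket exists cannot be seen from this diff.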