From 282b1924744cbee864df56e2eed51b172533c585 Mon Sep 17 00:00:00 2001 From: Kurt Zeilenga Date: Mon, 16 Oct 2000 22:19:29 +0000 Subject: [PATCH] Note that the directory containing the replogfile as well as the slurpd temporary directory should have limited read/write/execute access. --- doc/man/man5/slapd.conf.5 | 4 +++- doc/man/man8/slurpd.8 | 5 ++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5 index 92da56e3b6..d7b20945f9 100644 --- a/doc/man/man5/slapd.conf.5 +++ b/doc/man/man5/slapd.conf.5 @@ -536,7 +536,9 @@ and read by .BR slurpd (8). See .BR slapd.replog (5) -for more information. +for more information. The specified file should be located +in a directory with limited read/write/execute access as the replication +logs may contain sensitive information. .TP .B rootdn Specify the distinguished name that is not subject to access control diff --git a/doc/man/man8/slurpd.8 b/doc/man/man8/slurpd.8 index 1ea989a946..4323970700 100644 --- a/doc/man/man8/slurpd.8 +++ b/doc/man/man8/slurpd.8 @@ -82,7 +82,8 @@ Specifies the name of the replication logfile. Normally, the name of the replication log file is read from the .B slapd -configuration file. +configuration file. The file should be located in a directory +with limited read/write/execute access. The .B \-r option allows you to override this. In conjunction with the @@ -107,6 +108,8 @@ processes a replication log and exits. .BI \-t " temp\-dir" .B slurpd copies the replication log to a working directory before processing it. +The directory permissions should limit read/write/execute access as +temporary files may contain sensitive information. This option allows you to specify the location of these temporary files. The default is .BR LOCALSTATEDIR/openldap-slurp . -- 2.39.5