Red Hat Bugzilla – Bug 138631
/sbin/service breaks openldap/tls configuration for at least smbd
Last modified: 2014-03-16 22:50:15 EDT
When configuring openldap clients to use TLS with certificates, the
paths to the cert and the key have to be saved in $HOME/.ldaprc. The
samba daemon can be configured to use ldap with TLS, and thus needs
access to $HOME/.ldaprc when setting up the connection. If you start
up smb using /sbin/service $HOME does not get set in the newly created
environment. This avoids smbd from getting the paths to its required
certs/keys and thus from functioning properly.
Proposal is to also export $HOME in the newly created environment in
/sbin/service. [I am not sure if this introduces additional security
The attached patch fixes this problem, this has been verified locally.
Created attachment 106407 [details]
It's really better for initscripts in general to not inherit the
environment; that's why this change was made.
This is probably something better handled specifcally in initscripts
that need a $HOME.