This actually came from Thomas, so I'll explain as best I can. Basically, he was trying to set the permissions on the error log file using the nsslapd-errorlog-mode configuration attribute. The default setting is 600. He was setting it to 644 and then rotating the log, but it wasn't changing the permissions from 600. He figured that the log file must be getting its permissions settings from a umask somewhere, not from the nsslapd-errorlog-mode attribute, and he found it in the start script, "umask 077". As soon as he changed the permissions in the start script, the permissions on the logs changed. So, to summarize, none of the nsslapd-*log-mode configuration attributes work because the file permissions are set manually in the start script.
Created attachment 362142 patch
To ssh://git.fedorahosted.org/git/389/ds.git
   58b0496..60c49dd  master -> master
commit 60c49ddc2956222468f36be1e5f5a5358fb92774
Author: Rich Megginson <rmeggins>
Date:   Tue Sep 22 15:47:17 2009 -0600
    Start script hardcodes file permissions mask to 077 (600), so the nsslapd-*l
    https://bugzilla.redhat.com/show_bug.cgi?id=495522
    Resolves: bug 495522
    Bug Description: Start script hardcodes file permissions mask to 077 (600),
    Reviewed by: nkinder (Thanks!)
    Fix Description: Use umask 002 for the directory server process
    Platforms tested: Fedora 11 x86_64
    Flag Day: no
    Doc impact: no
verified - RHEL 4
version: redhat-ds-base-8.2.0-2010052704.el4dsrv
init script /etc/init.d/dirsrv

    # start the directory server in a subshell so that the instance specific
    # init config environment will not apply to any other instance
    (
        umask 002 # reset umask to allow logs and other files modes to be explicitly set
        [ -f /etc/sysconfig/dirsrv-$instance ] && . /etc/sysconfig/dirsrv-$instance
        $exec -D $instbase/slapd-$instance -i $pidfile -w $startpidfile
    )
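The masking behaviour this report describes, as an added example that is not part of the original bug thread or of the 389 Directory Server code: it creates a file with a requested mode under a given process umask and returns the permission bits the file actually gets. The function name `created_mode` and the file name `errors` are assumptions made for illustration; the optional `fchmod` step is a general POSIX technique shown for comparison, not something the patch does.

```python
import os
import stat
import tempfile


def created_mode(requested_mode, process_umask, force_chmod=False):
    """Create a new file with requested_mode under process_umask.

    Returns the permission bits the file ends up with. The kernel applies
    requested_mode & ~umask at creation time, so a restrictive umask
    silently overrides a more permissive configured mode.
    """
    old_umask = os.umask(process_umask)  # what the start script sets
    try:
        with tempfile.TemporaryDirectory() as workdir:
            path = os.path.join(workdir, "errors")  # hypothetical log name
            fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL,
                         requested_mode)
            try:
                if force_chmod:
                    # fchmod sets the mode exactly; umask is not consulted.
                    os.fchmod(fd, requested_mode)
            finally:
                os.close(fd)
            return stat.S_IMODE(os.stat(path).st_mode)
    finally:
        os.umask(old_umask)  # restore the caller's umask


if __name__ == "__main__":
    # Constructed cases: (configured log mode, umask from the start script)
    cases = [
        (0o644, 0o077),  # the reported bug: 644 requested, 600 on disk
        (0o644, 0o002),  # after the fix: 644 is honoured
        (0o600, 0o002),  # the default mode stays restrictive
        (0o666, 0o002),  # umask 002 still removes write for "other"
    ]
    for mode, mask in cases:
        print(f"mode={mode:04o} umask={mask:03o} -> "
              f"{created_mode(mode, mask):04o}")
    print(f"mode=0644 umask=077 with fchmod -> "
          f"{created_mode(0o644, 0o077, force_chmod=True):04o}")
```

With umask 002 the configured mode is honoured for every value except those that grant write access to "other", which is the only bit that mask still clears.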