----- Original Message ----- > From: "William" <william@xxxxxxxxxxxxxxx> > To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx> > Sent: Thursday, 19 February, 2015 4:29:23 AM > Subject: Re: acl on logs, 389 strips effective rights mask. > > On Fri, 2015-02-13 at 03:31 -0500, German Parente wrote: > > Hi William, > > > > the access mode for the rhds logs is set in these configuration settings > > under cn=config: > > > > nsslapd-auditlog-mode > > nsslapd-errorlog-mode > > nsslapd-accesslog-mode > > > > I don't know whether we could use a value to just inherit from acl defined. > > It seems that setting these from 600 to 660 I end up with > > # file: access > # owner: nobody > # group: nobody > user::rw- > user:splunk:r-x #effective:r-- > group::rwx #effective:r-- > mask::r-- > other::--- > > As opposed to before which was: > > # file: access > # owner: nobody > # group: nobody > user::rw- > user:splunk:r-x #effective:--- > group::rwx #effective:--- > mask::--- > other::--- > > So it looks like there is some interaction between the mode settings and > the acls mask. Any hints where in the source I could dig to find this? > Hi William, it's in ldap/servers/slapd/log.c Regards, German. > -- > William <william@xxxxxxxxxxxxxxx> > > -- > 389 users mailing list > 389-users@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/389-users -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
