Please don’t manage permissions of libnss-ldap.conf file with debconf

During a random security upgrade on Debian :

# ls -l libnss-ldap.conf
-rw-r--r-- 1 root root 9863 2008-02-15 18:40 libnss-ldap.conf
# dpkg -l nscd | grep un
un  nscd           <none>         (no description available)
# aptitude upgrade
Preparing to replace libnss-ldap 251-7.5 (using .../libnss-ldap_251-7.5etch1_i386.deb) ...
Unpacking replacement libnss-ldap ...
Setting up libnss-ldap (251-7.5etch1) ...
# ls -l libnss-ldap.conf
-rw------- 1 root root 9863 2008-02-15 20:55 libnss-ldap.conf

Oops! With this permissions on the libnss-ldap.conf file, some services will be broken. For example, in Postfix/LDAP configuration, Postfix local mail delivery will fail because he can’t find homeDirectory of local user. And Postfix error message isn’t very explicit:

postfix/qmgr[12063]: warning: transport local failure --
see a previous warning/fatal/panic logfile record for the problem description

For more details, see my post on #455907

Comments are closed.