{"id":42,"date":"2008-02-15T22:24:21","date_gmt":"2008-02-15T20:24:21","guid":{"rendered":"http:\/\/gcolpart.evolix.net\/blog21\/please-dont-manage-permissions-of-libnss-ldapconf-file-with-debconf\/"},"modified":"2008-02-15T22:25:26","modified_gmt":"2008-02-15T20:25:26","slug":"please-dont-manage-permissions-of-libnss-ldapconf-file-with-debconf","status":"publish","type":"post","link":"https:\/\/gcolpart.evolix.net\/blog21\/please-dont-manage-permissions-of-libnss-ldapconf-file-with-debconf\/","title":{"rendered":"Please don&#8217;t manage permissions of libnss-ldap.conf file with debconf"},"content":{"rendered":"<p>During a random security upgrade on Debian :<\/p>\n<pre># ls -l libnss-ldap.conf\r\n-rw-r--r-- 1 root root 9863 2008-02-15 18:40 libnss-ldap.conf\r\n# dpkg -l nscd | grep un\r\nun  nscd           &lt;none&gt;         (no description available)\r\n# aptitude upgrade\r\n[...]\r\nPreparing to replace libnss-ldap 251-7.5 (using ...\/libnss-ldap_251-7.5etch1_i386.deb) ...\r\nUnpacking replacement libnss-ldap ...\r\nSetting up libnss-ldap (251-7.5etch1) ...\r\n# ls -l libnss-ldap.conf\r\n-rw------- 1 root root 9863 2008-02-15 20:55 libnss-ldap.conf<\/pre>\n<p>Oops! With this permissions on the <em>libnss-ldap.conf<\/em> file, some services will be broken. For example, in Postfix\/LDAP configuration, Postfix local mail delivery will fail because he can&#8217;t find homeDirectory of local user. And Postfix error message isn&#8217;t very explicit:<\/p>\n<pre>postfix\/qmgr[12063]: warning: transport local failure --\r\nsee a previous warning\/fatal\/panic logfile record for the problem description<\/pre>\n<p>For more details, see <a href=\"http:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi?bug=455907#30\">my post<\/a> on <a href=\"http:\/\/bugs.debian.org\/455907\">#455907<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>During a random security upgrade on Debian : # ls -l libnss-ldap.conf -rw-r&#8211;r&#8211; 1 root root 9863 2008-02-15 18:40 libnss-ldap.conf # dpkg -l nscd | grep un un nscd &lt;none&gt; (no description available) # aptitude upgrade [&#8230;] Preparing to replace libnss-ldap 251-7.5 (using &#8230;\/libnss-ldap_251-7.5etch1_i386.deb) &#8230; Unpacking replacement libnss-ldap &#8230; Setting up libnss-ldap (251-7.5etch1) &#8230; # [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,3,5],"tags":[],"class_list":["post-42","post","type-post","status-publish","format-standard","hentry","category-debian","category-english","category-evolix"],"_links":{"self":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/posts\/42","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/comments?post=42"}],"version-history":[{"count":0,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/posts\/42\/revisions"}],"wp:attachment":[{"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/media?parent=42"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/categories?post=42"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gcolpart.evolix.net\/blog21\/wp-json\/wp\/v2\/tags?post=42"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}