To give some background: I installed OpenLDAP 2.x on a Solaris server with no problem, and also configured the server to look up users by querying LDAP with the native LDAP client. I have turned off the LDAP cache manager, due to other issues with that product.
Anyway, I read that it is a good idea to make /var/ldap/ldap_client_cred read-only for root. When I did that I was still able to log in OK, but I received an error upon login:
"Sun Microsystems Inc. SunOS 5.8 Generic February 2000
mail: Cannot open file '/var/mail/' for output"
To fix it, I made the mail group own the file (previously it was bin), then changed the permission to 440 on that file. And it was fixed.
Now my question is, is there a more elegant way to fix this issue? Could I have broken something else by doing it this way? Did I lose any security by using this method? Any thoughts would be appreciated. Thank you in advance.