# Too secure /tmp for OpenLDAP and OpenDKIM



## IPTRACE (Jul 12, 2017)

I have a problem with permissions on the /tmp folder.
I've changed the permissions from

```
drwxrwxrwt root wheel tmp/
```
to
```
drwxr-xr-t root wheel tmp/
```
Then I could not start OpenLDAP.
Can someone support me with this issue? (I want to keep 1755 permissions)

```
slapd[78705]: @(#) $OpenLDAP: slapd 2.4.45 (Jul  2 2017 07:29:37) $       root@110amd64-quarterly-job-03:/wrkdirs/usr/ports/net/openldap24-server/work/openldap-2.4.45/servers/slapd
slapd[78706]: config_back_db_open: line 0: warning: cannot assess the validity of the ACL scope within backend naming context
slapd[78706]: mdb_db_open: database "dc=domain,dc=com" cannot be opened: File exists (17). Restore from backup!
```
I cannot find whether I could change the temporary directory in the OpenLDAP configuration file.


----------



## SirDice (Jul 12, 2017)

IPTRACE said:


> I want to keep 1755 permissions


Why? What are you hoping to prevent? Various applications expect /tmp to have 1777 permissions.


----------



## IPTRACE (Jul 12, 2017)

I harden my systems as much as possible.
I had a problem with OpenDKIM as well, but the configuration allows me to change the temporary directory path to my own.

```
TemporaryDirectory      /opendkim/tmp
```
I read that OpenLDAP uses /usr/tmp, which is a symbolic link to /tmp, but nothing more yet.


----------



## IPTRACE (Jul 12, 2017)

I've found two files responsible for setting the path to the temporary directory (I think so).

```
/usr/ports/net/openldap24-server/work/openldap-2.4.45/build/config.guess
/usr/ports/net/openldap24-server/work/openldap-2.4.45/contrib/ldapc++/config.guess
```
These lines briefly describe a variable for the path.

```
: ${TMPDIR=/tmp} ;
```
Firstly, these files are created during `make` in the appropriate folder in ports.
Secondly, every time I do `make clean` and then `make`, these files are created from source.
I've tried to set

```
chflags schange filename
```
to prevent removal of these files during `make clean`, but an error occurs.
Is it possible to run the `make` command and keep these files unchanged?


----------



## SirDice (Jul 12, 2017)

IPTRACE said:


> ```
> : ${TMPDIR=/tmp} ;
> ```


Ah, that's usually helpful. You might be able to configure the temporary folder by setting the $TMPDIR environment variable to a location where the LDAP user is able to write.


----------



## IPTRACE (Jul 12, 2017)

Unfortunately, it doesn't work. I've set `setenv TMPDIR /openldap/tmp` for the root user (because I use `sudo make`) without success. For a standard user as well, to be sure.
The question is: how can I provide these new lines before make? But the make command creates these lines.


----------



## IPTRACE (Jul 15, 2017)

I had a problem with PHP as well. So, I uncommented and changed the path to the temp directory in the php.ini file.

```
sys_temp_dir=/php/tmp
```
Anyway, I have the problem with MySQL. I've set

```
tmpdir = /mysql/tmp
socket = /mysql/tmp
```
in my.cnf without success.
I cannot run the mysql-server.


----------



## IPTRACE (Jul 15, 2017)

My little mistake.

```
socket = /mysql/tmp/mysql.sock
```
does the job.
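The thread ends up with two workable layouts: a shared /tmp at 1777 (world-writable, sticky bit set so users cannot remove each other's files) for services that have no tmp setting, and a private directory per service (OpenDKIM's TemporaryDirectory, PHP's sys_temp_dir, MySQL's tmpdir) owned by that service's account. The audit below is an added example, not code from the thread; the paths and service uids are assumptions supplied by the caller.

```python
import os
import stat
from dataclasses import dataclass


@dataclass
class Finding:
    path: str
    ok: bool
    reason: str


def check_shared_tmp(path: str) -> Finding:
    """A shared temp dir such as /tmp must be 1777: writable by everyone so
    unprivileged daemons can create files, plus the sticky bit so a user can
    only remove or rename files they own. 1755 (the thread's setting) keeps
    the sticky bit but drops world write, which is why slapd could not start."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISDIR(st.st_mode):
        return Finding(path, False, "not a directory")
    if not mode & stat.S_IWOTH:
        return Finding(path, False, f"mode {mode:04o}: not world-writable, daemons cannot create files")
    if not mode & stat.S_ISVTX:
        return Finding(path, False, f"mode {mode:04o}: world-writable without sticky bit")
    return Finding(path, True, f"mode {mode:04o}")


def check_private_tmp(path: str, service_uid: int) -> Finding:
    """A per-service temp dir (e.g. /opendkim/tmp, /mysql/tmp) is the hardened
    alternative: owned by the service account and writable by nobody else, so
    the sticky bit is unnecessary. service_uid is the uid the daemon runs as."""
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if not stat.S_ISDIR(st.st_mode):
        return Finding(path, False, "not a directory")
    if st.st_uid != service_uid:
        return Finding(path, False, f"owned by uid {st.st_uid}, service runs as uid {service_uid}")
    if not mode & stat.S_IWUSR:
        return Finding(path, False, f"mode {mode:04o}: owner cannot write")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        return Finding(path, False, f"mode {mode:04o}: writable by group or others")
    return Finding(path, True, f"mode {mode:04o}")


def audit(shared_dirs, private_dirs):
    """shared_dirs: list of shared temp paths; private_dirs: {service: (path, uid)}.
    Returns a dict keyed by path (shared) or service name (private)."""
    results = {p: check_shared_tmp(p) for p in shared_dirs}
    for service, (path, uid) in private_dirs.items():
        results[service] = check_private_tmp(path, uid)
    return results
```

Run it as the services' own accounts are created, e.g. `audit(["/tmp"], {"mysql": ("/mysql/tmp", mysql_uid)})`, and fix any Finding with ok=False before starting the daemon.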


----------

