[dovecot-cvs] dovecot/src/master master-settings.c,1.101,1.102

Sun Jan 15 23:24:10 EET 2006

Update of /var/lib/cvs/dovecot/src/master
In directory talvi:/tmp/cvs-serv1229

Modified Files:
	master-settings.c 
Log Message:
Fix base_dir permissions if it exists



Index: master-settings.c
===================================================================
RCS file: /var/lib/cvs/dovecot/src/master/master-settings.c,v
retrieving revision 1.101
retrieving revision 1.102
diff -u -d -r1.101 -r1.102

--- master-settings.c	15 Jan 2006 13:16:53 -0000	1.101
+++ master-settings.c	15 Jan 2006 21:24:08 -0000	1.102
@@ -3,6 +3,7 @@
 #include "common.h"
 #include "istream.h"
 #include "safe-mkdir.h"
+#include "mkdir-parents.h"
 #include "unlink-directory.h"
 #include "syslog-util.h"
 #include "settings.h"
@@ -523,6 +524,7 @@
 static bool settings_verify(struct settings *set)
 {
 	const char *dir;
+	struct stat st;
 	int facility;
 
 	if (!get_login_uid(set))
@@ -602,9 +604,26 @@
 	fix_base_path(set, &set->ssl_parameters_file);
 	fix_base_path(set, &set->login_dir);
 
-	/* since they're under /var/run by default, they may have been
+	/* since base dir is under /var/run by default, it may have been
 	   deleted. */
-	(void)mkdir(set->base_dir, 0777);
+	if (mkdir_parents(set->base_dir, 0777) < 0 && errno != EEXIST) {
+		i_error("mkdir(%s) failed: %m", set->base_dir);
+		return FALSE;
+	}
+	if (lstat(set->base_dir, &st) < 0) {
+		i_error("lstat(%s) failed: %m", set->base_dir);
+		return FALSE;
+	}
+	if ((st.st_mode & 0750) != 0750) {
+		/* FIXME: backwards compatibility: fix permissions so that
+		   login processes can find ssl-parameters file. Group rx is
+		   enough, but change it to world-rx so that we don't have to
+		   start changing groups and causing possibly other problems. */
+		i_warning("Fixing permissions of %s to be world-readable",
+			  set->base_dir);
+		if (chmod(set->base_dir, 0777) < 0)
+			i_error("chmod(%s) failed: %m", set->base_dir);
+	}
 
 	if (!settings_have_connect_sockets(set)) {
 		/* we are not using external authentication, so make sure the

