dovecot-1.1: mbox: If INBOX creation fails because of EACCES, tr...

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-1.1/rev/dd378ab0263e
changeset: 7539:dd378ab0263e
user:      Timo Sirainen <tss at iki.fi>
date:      Sun May 25 01:52:17 2008 +0300
description:
mbox: If INBOX creation fails because of EACCES, try with privileged group
enabled.

diffstat:

2 files changed, 8 insertions(+), 1 deletion(-)
dovecot-example.conf                      |    2 +-
src/lib-storage/index/mbox/mbox-storage.c |    7 +++++++

diffs (36 lines):

diff -r abdf9e06a956 -r dd378ab0263e dovecot-example.conf
--- a/dovecot-example.conf	Sun May 25 01:45:31 2008 +0300
+++ b/dovecot-example.conf	Sun May 25 01:52:17 2008 +0300
@@ -270,7 +270,7 @@
 #mail_gid =
 
 # Group to enable temporarily for privileged operations. Currently this is
-# used only for creating mbox dotlock files when creation fails for INBOX.
+# used only with INBOX when either its initial creation or dotlocking fails.
 # Typically this is set to "mail" to give access to /var/mail.
 #mail_privileged_group =
 
diff -r abdf9e06a956 -r dd378ab0263e src/lib-storage/index/mbox/mbox-storage.c
--- a/src/lib-storage/index/mbox/mbox-storage.c	Sun May 25 01:45:31 2008 +0300
+++ b/src/lib-storage/index/mbox/mbox-storage.c	Sun May 25 01:52:17 2008 +0300
@@ -4,6 +4,7 @@
 #include "ioloop.h"
 #include "array.h"
 #include "istream.h"
+#include "restrict-access.h"
 #include "mkdir-parents.h"
 #include "unlink-directory.h"
 #include "home-expand.h"
@@ -472,6 +473,12 @@ static int verify_inbox(struct mail_stor
 
 	/* make sure inbox file itself exists */
 	fd = open(inbox_path, O_RDWR | O_CREAT | O_EXCL, 0660);
+	if (fd == -1 && errno == EACCES) {
+		/* try again with increased privileges */
+		(void)restrict_access_use_priv_gid();
+		fd = open(inbox_path, O_RDWR | O_CREAT | O_EXCL, 0660);
+		restrict_access_drop_priv_gid();
+	}
 	if (fd != -1)
 		(void)close(fd);
 	else if (errno == ENOTDIR &&