dovecot-1.0: mbox: If INBOX creation fails because of EACCES, tr...
dovecot at dovecot.org
dovecot at dovecot.org
Tue May 27 14:48:59 EEST 2008
details: http://hg.dovecot.org/dovecot-1.0/rev/932768a879c6
changeset: 5552:932768a879c6
user: Timo Sirainen <tss at iki.fi>
date: Tue May 27 14:48:54 2008 +0300
description:
mbox: If INBOX creation fails because of EACCES, try with privileged group
enabled.
diffstat:
2 files changed, 8 insertions(+), 1 deletion(-)
dovecot-example.conf | 2 +-
src/lib-storage/index/mbox/mbox-storage.c | 7 +++++++
diffs (36 lines):
diff -r 71c02fdf1b59 -r 932768a879c6 dovecot-example.conf
--- a/dovecot-example.conf Thu May 15 08:34:53 2008 +0300
+++ b/dovecot-example.conf Tue May 27 14:48:54 2008 +0300
@@ -253,7 +253,7 @@
#}
# Group to enable temporarily for privileged operations. Currently this is
-# used only for creating mbox dotlock files when creation fails for INBOX.
+# used only with INBOX when either its initial creation or dotlocking fails.
# Typically this is set to "mail" to give access to /var/mail.
#mail_privileged_group =
diff -r 71c02fdf1b59 -r 932768a879c6 src/lib-storage/index/mbox/mbox-storage.c
--- a/src/lib-storage/index/mbox/mbox-storage.c Thu May 15 08:34:53 2008 +0300
+++ b/src/lib-storage/index/mbox/mbox-storage.c Tue May 27 14:48:54 2008 +0300
@@ -4,6 +4,7 @@
#include "ioloop.h"
#include "buffer.h"
#include "istream.h"
+#include "restrict-access.h"
#include "home-expand.h"
#include "mkdir-parents.h"
#include "unlink-directory.h"
@@ -537,6 +538,12 @@ static int verify_inbox(struct index_sto
/* make sure inbox file itself exists */
fd = open(storage->inbox_path, O_RDWR | O_CREAT | O_EXCL, 0660);
+ if (fd == -1 && errno == EACCES) {
+ /* try again with increased privileges */
+ (void)restrict_access_use_priv_gid();
+ fd = open(storage->inbox_path, O_RDWR | O_CREAT | O_EXCL, 0660);
+ restrict_access_drop_priv_gid();
+ }
if (fd != -1)
(void)close(fd);
else if (errno == ENOTDIR &&
More information about the dovecot-cvs
mailing list