[Dovecot] [Dovecot-news] v2.0.beta4 released

Timo Sirainen tss at iki.fi
Sat Mar 27 04:01:37 EET 2010


On Wed, 2010-03-24 at 20:40 +0100, Rainer Weikusat wrote:
> 	} else if (strncmp(set->path, master_set->base_dir,
>                            base_dir_len) == 0 &&
>                            set->path[base_dir_len] == '/') {
> 	 		i_warning("You should remove base_dir prefix from "
> 			          "unix_listener: %s", set->path);
> 	}
..
> Based on reading through the code, I believe what's going on here is
> as follows: Listening on auth-client is something the program does by
> default. Because of the leading base_dir, the duplicates checking code
> in setting_link_add (lib-settings/settings-parser.c) doesn't detect
> that the explicit definition above is actually a duplicate
> definition. Because of the duplicate, the routine which is supposed to
> create 'unix listener sockets' will try to create the same socket
> twice which causes the observed failure.

Yes, this is why there's the warning about removing base_dir prefix. So
if there are both auth-client and /base_dir/auth-client, it'll first log
the warning and then the duplicate error. So that hopefully tells the
user something.. (There was a bug where the warning didn't get reported
if base_dir ended with '/'.)

> Removing the base_dir prefix will cause the duplicate definition to be
> dropped. But this means that the OP will have to live with the default
> permissions for the auth-client socket which are 0600 and not 0666 as
> he wanted them to be. A better idea might be to support 'merging'
> duplicate socket definitions so that the second one would change the
> permissions for the first. 

It actually works like that! But that merging is in the config parsing
code. So I didn't bother doubling the merging code, especially because
at duplicate checking time it's not known which one of the duplicates
comes first in the config.

> A related idea would be to also add an
> optional fixup routine pointer which could be used to do string
> transformations on the input data prior to the duplicates check.

This is also possible. There's a check_func() callback. But it has the
same problem as above, it's called too late.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20100327/66e2a44f/attachment.bin 


More information about the dovecot mailing list