[Dovecot] Dovecot chgrp actions on new files/folders
fakessh at fakessh.eu
Thu Oct 14 20:54:05 EEST 2010
On 14.10.2010 19:49, David Ford wrote:
> Timo,
>
> I did further study of the user/group permissions. Applying the below
> patch will make no difference to virtually everyone out there. Those
> that have default uid/gid ownership won't see any change as the gid
> already matches so the fchown() action won't be attempted. Those that
> have sgid will still see the normal expected fchown() enforced by the
> kernel which becomes a duplicated action by dovecot. In the last case,
> those with an unknown 3rd party gid were used to seeing fchown()
> failures and those will now go away. It is only this third group that
> will see anything change as all other cases are already handled. Anyone
> who wishes to create new files with another group ID should make their
> directories sgid or stgid as per normal filesystem ACL semantics. The
> original net effect of this only turns on an fchown() that will fail and
> emit numerous error messages. This patch fixes that. Technically the
> fchown is unnecessary extra code already since any directory that is
> sgid or stgid will have ownership enforced by the kernel already.
>
> I simply made it #if 0 below, the correct patch would be to delete the
> extraneous block.
>
> --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400
> +++ src/lib-storage/mailbox-list.c 2010-10-08 13:02:54.000000000 -0400
> @@ -450,7 +450,7 @@
> }
>
> if (S_ISDIR(st.st_mode) && (st.st_mode & S_ISGID) != 0) {
> - /* directory's GID is used automatically for new
> + /* directory is sgid, so GID is used
> automatically for new
> files */
> *gid_r = (gid_t)-1;
> } else if ((st.st_mode & 0070) >> 3 == (st.st_mode &
> 0007)) {
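Review bot: The added comment line in the S_ISGID branch has been wrapped by the mail client ("automatically for new" sits on a line with no +/- or context prefix, and so does "0007)) {" after the else-if), so this hunk will not apply as posted; resend it as an attachment or with line wrapping disabled. The comment rewording is also unrelated to the fchown() change and would be easier to review if it were dropped or sent as a separate cleanup.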
> @@ -460,9 +460,13 @@
> } else if (getegid() == st.st_gid) {
> /* using our own gid, no need to change it */
> *gid_r = (gid_t)-1;
> - } else {
> + }
> +#if 0
> +#warning this code makes dovecot attempt to chgrp files to wrong
> ownership
> + else {
> *gid_r = st.st_gid;
> }
> +#endif
> }
>
> if (name == NULL) {
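Review bot: With the final else compiled out, the fall-through case of this chain no longer assigns *gid_r at all, while the branch visible above it sets "*gid_r = (gid_t)-1;". Unless *gid_r is initialised before the chain (not visible in this hunk), callers would read an indeterminate gid, so the last branch should assign (gid_t)-1 explicitly or the block should be deleted outright rather than wrapped in "#if 0". The "#warning" sits inside the "#if 0" region, so the preprocessor skips it and it never fires. The preceding test compares only getegid() with st.st_gid, so a process that holds st.st_gid as a supplementary group currently reaches this else and its fchown() can succeed; that case changes behaviour with this patch and should be stated in the commit message.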
>
Timo, I think this patch should be committed
<anonymous>