[Dovecot] Dovecot chgrp actions on new files/folders
Timo, I did further study of the user/group permissions. Applying the below patch will make no difference to virtually everyone out there. Those that have default uid/gid ownership won't see any change as the gid already matches so the fchown() action won't be attempted. Those that have sgid will still see the normal expected fchown() enforced by the kernel which becomes a duplicated action by dovecot. In the last case, those with an unknown 3rd party gid were used to seeing fchown() failures and those will now go away. It is only this third group that will see anything change as all other cases are already handled. Anyone who wishes to create new files with another group ID should make their directories sgid or stgid as per normal filesystem ACL semantics. The original net effect of this only turns on an fchown() that will fail and emit numerous error messages. This patch fixes that. Technically the fchown is unneccessary extra code already since any directory that is sgid or stgid will have ownership enforced by the kernel already. I simply made it #if 0 below, the correct patch would be to delete the extraneous block. --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400 +++ src/lib-storage/mailbox-list.c 2010-10-08 13:02:54.000000000 -0400 @@ -450,7 +450,7 @@ } if (S_ISDIR(st.st_mode) && (st.st_mode & S_ISGID) != 0) { - /* directory's GID is used automatically for new + /* directory is sgid, so GID is used automatically for new files */ *gid_r = (gid_t)-1; } else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) { @@ -460,9 +460,13 @@ } else if (getegid() == st.st_gid) { /* using our own gid, no need to change it */ *gid_r = (gid_t)-1; - } else { + } +#if 0 +#warning this code makes dovecot attempt to chgrp files to wrong ownership + else { *gid_r = st.st_gid; } +#endif } if (name == NULL) {
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Le 14.10.2010 19:49, David Ford a écrit :
Timo,
I did further study of the user/group permissions. Applying the below patch will make no difference to virtually everyone out there. Those that have default uid/gid ownership won't see any change as the gid already matches so the fchown() action won't be attempted. Those that have sgid will still see the normal expected fchown() enforced by the kernel which becomes a duplicated action by dovecot. In the last case, those with an unknown 3rd party gid were used to seeing fchown() failures and those will now go away. It is only this third group that will see anything change as all other cases are already handled. Anyone who wishes to create new files with another group ID should make their directories sgid or stgid as per normal filesystem ACL semantics. The original net effect of this only turns on an fchown() that will fail and emit numerous error messages. This patch fixes that. Technically the fchown is unneccessary extra code already since any directory that is sgid or stgid will have ownership enforced by the kernel already.
I simply made it #if 0 below, the correct patch would be to delete the extraneous block.
--- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400 +++ src/lib-storage/mailbox-list.c 2010-10-08 13:02:54.000000000 -0400 @@ -450,7 +450,7 @@ }
if (S_ISDIR(st.st_mode) && (st.st_mode & S_ISGID) != 0) { - /* directory's GID is used automatically for new + /* directory is sgid, so GID is used automatically for new files */ *gid_r = (gid_t)-1; } else if ((st.st_mode & 0070) >> 3 == (st.st_mode & 0007)) { @@ -460,9 +460,13 @@ } else if (getegid() == st.st_gid) { /* using our own gid, no need to change it */ *gid_r = (gid_t)-1; - } else { + } +#if 0 +#warning this code makes dovecot attempt to chgrp files to wrong ownership + else { *gid_r = st.st_gid; } +#endif }
if (name == NULL) {
Timo, I think this patch should be commiter <anonymous> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iD8DBQFMt0O9tXI/OwkhZKcRAlyZAJ4qWsCEjknuckDNAgSXA6gRb+dFxgCgg1cw ty1a2H9zif955FLuxMBNE3c= =CKzb -----END PGP SIGNATURE-----
On Thu, 2010-10-14 at 13:49 -0400, David Ford wrote:
Timo,
I did further study of the user/group permissions. Applying the below patch will make no difference to virtually everyone out there.
No, it breaks it for people using shared mailboxes without sgid in the directories. There is no documentation that even suggests using sgid, so I think it could break a lot of installations.
Those that have default uid/gid ownership won't see any change as the gid already matches so the fchown() action won't be attempted. Those that have sgid will still see the normal expected fchown() enforced by the kernel which becomes a duplicated action by dovecot.
If there is sgid bit set, Dovecot doesn't do a duplicate fchown() anymore but trusts that kernel already preserved it.
I don't see a way to change this behavior anymore without annoying a lot of people.
participants (3)
-
David Ford
-
fakessh@fakessh.eu
-
Timo Sirainen