[Dovecot] permissions warning on OpenBSD 3.9
At startup I get the following warning: "Warning: Fixing permissions of /var/dovecot to be world-readable."
Q: Is this something that I can/should fix, or can it be safely ignored?
Thnx, J
- J Moore, 2006-08-01 07:49
At startup I get the following warning: "Warning: Fixing permissions of /var/dovecot to be world-readable."
Q: Is this something that I can/should fix, or can it be safely ignored?
You usually should only see this once, after that dovecot is supposed to fix it by itself, provided that it has sufficient privileges to do so. What user is dovecot running as, and what's the owner and permission settings of /var/dovecot?
BTW, while we're at it (this one's for Timo, I guess ;-) - is there a specific reason why this check is done via lstat() rather than via plain ol' stat() (see src/master/master-settings.c, line# 784)?
I'm using GNU stow, so /usr/local/var/run/dovecot is actually a symlink to /usr/local/stow/dovecot-data/var/run/dovecot - which, in fact, does have the proper permissions (dovecot:dovecot, 0755) already. Yet I'm still getting this warning everytime dovecot starts up, because lstat() returns the permissions of the symlink (0777) rather than those of the target (0755). "Fixing" it with chmod() in line# 798 doesn't actually fix it, of course, because chmod(), as opposed to lstat(), affects the link target rather than the link itself.
Just curious ...
Thomas
=-------------------------------------------------------------------------=
- Thomas "ZlatkO" Zajic zlatko@gmx.at Linux-2.6.17 & Thunderbird-1.5 -
"It is not easy to cut through a human head with a hacksaw." (M. C.) -
- Geert Hendrickx, 2006-08-01 10:10
On Tue, Aug 01, 2006 at 09:58:33AM +0200, Thomas Zajic wrote:
"Fixing" it with chmod() in line# 798 doesn't actually fix it, of course, because chmod(), as opposed to lstat(), affects the link target rather than the link itself.
Use chmod -h.
I'm not talking about fixing it from the command line (no need to, as the permissions are in fact correct), I'm talking about the chmod() call in the dovecot source (src/master/master-settings.c, line# 798). ;-)
BTW my (command line) chmod doesn't know a "-h" option, what's it supposed to do? Something with (not) following symlinks, I guess?
| [zlatko@disclosure]:~$ chmod -h | chmod: invalid option -- h | Try `chmod --help' for more information. | [zlatko@disclosure]:~$ chmod --version | head -1 | chmod (coreutils) 5.2.1
Thomas
=-------------------------------------------------------------------------=
- Thomas "ZlatkO" Zajic zlatko@gmx.at Linux-2.6.17 & Thunderbird-1.5 -
"It is not easy to cut through a human head with a hacksaw." (M. C.) -
On Tue, 2006-08-01 at 09:58 +0200, Thomas Zajic wrote:
BTW, while we're at it (this one's for Timo, I guess ;-) - is there a specific reason why this check is done via lstat() rather than via plain ol' stat() (see src/master/master-settings.c, line# 784)?
I guess it could be a symlink. Changed now. In general I use lstat() everywhere to avoid possible problems with them.
On Tue, Aug 01, 2006 at 12:49:38AM -0500, J Moore wrote:
At startup I get the following warning: "Warning: Fixing permissions of /var/dovecot to be world-readable."
Q: Is this something that I can/should fix, or can it be safely ignored?
Thnx, J
When Dovecot prints this message it has corrected the issue already. The OpenBSD port was creating /var/doveocot with permissions of 0700 instead of 0755, as it should be. I fixed the port 3 days ago.
On Tue, Aug 01, 2006 at 04:04:06AM -0400, the unit calling itself Brad wrote:
On Tue, Aug 01, 2006 at 12:49:38AM -0500, J Moore wrote:
At startup I get the following warning: "Warning: Fixing permissions of /var/dovecot to be world-readable."
Q: Is this something that I can/should fix, or can it be safely ignored?
When Dovecot prints this message it has corrected the issue already. The OpenBSD port was creating /var/doveocot with permissions of 0700 instead of 0755, as it should be. I fixed the port 3 days ago.
If 0755 is what it should be, then you are correct:
$ ls -l /var ... drwxr-xr-x 3 root wheel 512 Aug 1 01:30 dovecot ...
On a different topic: I also had an issue with the default file locks; I had to change: From: #mbox_write_locks = dotlock fcntl To: mbox_write_locks = fcntl
I got this change from a blog that turned up in a Google search.
Best Rgds, J
On Tue, Aug 01, 2006 at 10:52:29AM -0500, J Moore wrote:
On Tue, Aug 01, 2006 at 04:04:06AM -0400, the unit calling itself Brad wrote:
On Tue, Aug 01, 2006 at 12:49:38AM -0500, J Moore wrote:
At startup I get the following warning: "Warning: Fixing permissions of /var/dovecot to be world-readable."
Q: Is this something that I can/should fix, or can it be safely ignored?
When Dovecot prints this message it has corrected the issue already. The OpenBSD port was creating /var/doveocot with permissions of 0700 instead of 0755, as it should be. I fixed the port 3 days ago.
If 0755 is what it should be, then you are correct:
$ ls -l /var ... drwxr-xr-x 3 root wheel 512 Aug 1 01:30 dovecot ...
On a different topic: I also had an issue with the default file locks; I had to change: From: #mbox_write_locks = dotlock fcntl To: mbox_write_locks = fcntl
I got this change from a blog that turned up in a Google search.
I also fixed the example config that is installed by the port to use fcntl for the mbox write locking method.
On Tue, Aug 01, 2006 at 12:31:41PM -0400, the unit calling itself Brad wrote:
On a different topic: I also had an issue with the default file locks; I had to change: From: #mbox_write_locks = dotlock fcntl To: mbox_write_locks = fcntl
I got this change from a blog that turned up in a Google search.
I also fixed the example config that is installed by the port to use fcntl for the mbox write locking method.
Cool... by example config do you mean the one that's installed in /etc/dovecot.conf?
J
On Tue, Aug 01, 2006 at 09:22:55PM -0500, J Moore wrote:
On Tue, Aug 01, 2006 at 12:31:41PM -0400, the unit calling itself Brad wrote:
On a different topic: I also had an issue with the default file locks; I had to change: From: #mbox_write_locks = dotlock fcntl To: mbox_write_locks = fcntl
I got this change from a blog that turned up in a Google search.
I also fixed the example config that is installed by the port to use fcntl for the mbox write locking method.
Cool... by example config do you mean the one that's installed in /etc/dovecot.conf?
Yes.
participants (5)
-
Brad
-
Geert Hendrickx
-
J Moore
-
Thomas Zajic
-
Timo Sirainen