bug in group permission check
Jul 19 01:05:27 sv1 dovecot: auth: Error: passwd-file(aa@ddd,89...24,<>): stat(/usr/dovecot-cfg/dom-home/ddd/etc/ddd/shadow) failed: Permission denied (euid=33454(dovecot) egid=33454(dovecot) missing +x perm: /usr/dovecot-cfg/dom-home/ddd, we're not in group 33795(sysgroup), dir owned by 32072:33795 mode=0710)
root@sv1 [~]# sudo -u dovecot groups dovecot sysgroup
root@sv1 [~]# sudo -u dovecot cat /usr/dovecot-cfg/dom-home/ddd/etc/ddd/shadow <prints content of the file>
It seems that dovecot incorecly checks for group permissions not even trying to access file - probably cant handle that dovecot is part of more than 1 group. When its part of single group problem is not occuring.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
krzf83@gmail.com wrote:
Jul 19 01:05:27 sv1 dovecot: auth: Error: passwd-file(aa@ddd,89...24,<>): stat(/usr/dovecot-cfg/dom-home/ddd/etc/ddd/shadow) failed: Permission denied (euid=33454(dovecot) egid=33454(dovecot) missing +x perm: /usr/dovecot-cfg/dom-home/ddd, we're not in group 33795(sysgroup), dir owned by 32072:33795 mode=0710)
root@sv1 [~]# sudo -u dovecot groups dovecot sysgroup
:-) You probably didn't read for what this user is used:
http://wiki2.dovecot.org/UserIds
See Authentication process user
Do you run SELinux?
root@sv1 [~]# sudo -u dovecot cat /usr/dovecot-cfg/dom-home/ddd/etc/ddd/shadow <prints content of the file>
It seems that dovecot incorecly checks for group permissions not even trying to access file - probably cant handle that dovecot is part of more than 1 group. When its part of single group problem is not occuring.
Steffen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Darwin)
iQEVAwUBVawKI3z1H7kL/d9rAQIbAQgAthF1D2WS6Q8g3/sgkURG9KWoqCKlmcC2 M3oaKupQb9qniu6IaN7j44jhEgHx9sz8sVI0OYAPI6lIGZH/jBGXCE0CRg0ydGpJ ORJbmKbsZwxpA5R7tE/B0z9Aji1DNI89Em4MxaBZxtWApxwNtrVYfGWHgQotuzKp J5wTKSm9L06lcy6XU08VUzDzd12ch+zznqhf44EpbjEO9gfMkpMX9i6oRGaMc+pu e7pbbM51G3+fEZ3YaueQjvcjIcteb8COisI0bHvTeX8wd6Z7X6nmGpcQWcpp85xA 1pD9XtohxNrWERDJ7MmkpToNLJ7F27KgncW9Mha8T8u5LUeT2GNeDg== =gdG6 -----END PGP SIGNATURE-----
participants (2)
-
krzf83@gmail.com
-
Steffen