[Dovecot] auth-master: Permission denied [sigh]
Timo Sirainen
tss at iki.fi
Tue Apr 14 23:21:55 EEST 2009
On Tue, 2009-04-14 at 13:15 -0700, James Butler wrote:
> I have changed /usr/local/libexec/dovecot/deliver permissions as follows:
>
> -rwsr-s--- 1 root dovecot 4044835 2009-04-03 13:52 deliver
>
> Because of message returned to 'sender at example-send.com':
>
> "local configuration error. Command output:
> /usr/local/libexec/dovecot/deliver must not be both world-executable and
> setuid-root. This allows root exploits. See [LDA#multipleuids wiki page]."
>
> Same auth-master "Permission denied" error.
The wiki says it should be:
chmod 04750 /usr/local/libexec/dovecot/deliver
You also had g+s. It probably doesn't make a difference, but who knows.
Anyway.. Once you have deliver as setuid-root, there really just
shouldn't be any auth-master permission denied errors. It's connected to
as root, it makes no difference what its permissions are, deliver should
be able to connect to it.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20090414/8f92ec89/attachment.bin
More information about the dovecot
mailing list