[Dovecot] Occasional fchown errors?
David Ford
david at blue-labs.org
Wed Nov 10 20:54:01 EET 2010
As a reminder if you didn't follow the thread: this only avoids the inheritance assumption. If you have shared folders, they should be g+s to delegate (group) ownership. Also, this is for 2.x.
-david
On 11/10/2010 01:48 PM, David Ford wrote:
> Use this patch; it fixes dovecot's ownership inheritance assumptions.
>
> Colt ~ # cat /usr/local/portage/net-mail/dovecot/files/dovecot-2.0.5-bad-permissions-inheritance.patch
>
> --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400
> +++ src/lib-storage/mailbox-list.c 2010-10-14 15:20:15.000000000 -0400
> @@ -25,6 +25,9 @@
> #include <unistd.h>
> #include <dirent.h>
> #include <sys/stat.h>
> +#include <stdlib.h>
> +#include <grp.h>
> +#include <pwd.h>
>
> /* 20 * (200+1) < 4096 which is the standard PATH_MAX. Having these
> settings
> prevents malicious user from creating eg. "a/a/a/.../a" mailbox name and
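Review bot: getgrouplist() (the reason for the new <grp.h> include) is a glibc/BSD extension rather than POSIX, so this hunk needs a build-time check (for example a HAVE_GETGROUPLIST guard with a getgroups()-based fallback) before it can go into a portable tree; <stdlib.h> for malloc/free and <pwd.h> for getpwuid() are fine. Also, the trailing context here (the `/* 20 * (200+1) < 4096 ...` comment continuing on a line of its own as `settings`) shows the mail client has re-wrapped long lines, so the patch as pasted will not apply cleanly until it is unwrapped.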
> @@ -450,7 +453,7 @@
> }
>
> if (S_ISDIR(st.st_mode) && (st.st_mode & S_ISGID) != 0) {
> - /* directory's GID is used automatically for new
> + /* directory is sgid, so GID is used
> automatically for new
> files */
> *gid_r = (gid_t)-1;
> } else if ((st.st_mode & 0070) >> 3 == (st.st_mode &
> 0007)) {
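Review bot: this is a comment-only hunk, and the new wording ("directory is sgid, so GID is used automatically for new files") says the same as the original comment; consider dropping it so the patch is limited to its functional change in the next hunk.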
> @@ -460,8 +463,39 @@
> } else if (getegid() == st.st_gid) {
> /* using our own gid, no need to change it */
> *gid_r = (gid_t)-1;
> - } else {
> - *gid_r = st.st_gid;
> + }
> +
> + else {
> + /* test for unusable inheritance. logic sets
> fgid_me to st.gid
> + for unlikely case of lookup failure and we
> just fall through */
> + int j, ngroups = 999;
> + gid_t *groups;
> + gid_t fgid_me = st.st_gid;
> +
> + groups = malloc(ngroups * sizeof (gid_t));
> + if (groups != NULL) {
> + uid_t egid = getegid();
> + struct passwd *pw = getpwuid(geteuid());
> + if (pw != NULL) {
> + /* get pw entry for test using
> my current effective uid */
> + if (getgrouplist(pw->pw_name,
> egid, groups, &ngroups) != -1) {
> + /* get list of group IDs
> my euid belongs to, ngroups
> + will be set to the
> number of groups I belong to */
> + fgid_me = egid;
> + for (j = 0; j < ngroups;
> j++) {
> + /* enumerate
> list, test to see if i belong
> + to gid of
> parent directory */
> + if (st.st_gid ==
> groups[j]) {
> + /* if
> so, switch to parent gid */
> + fgid_me
> = st.st_gid;
> + }
> + }
> + }
> + }
> + free(groups);
> + }
> +
> + *gid_r = fgid_me;
> }
> }
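Review bot: `uid_t egid = getegid();` stores a gid_t in a uid_t; declare it `gid_t egid`, which is also the type getgrouplist() expects for its second argument. Second, when the lookup succeeds but the user is not in st.st_gid, the code ends with `*gid_r = egid`, asking the caller to fchown() the file to the group it already has; returning `(gid_t)-1` there, exactly as the `getegid() == st.st_gid` branch just above does, skips the redundant call and keeps the function's convention in one place. Third, `ngroups = 999` with a single fixed malloc is fragile: if the account is in more groups than that, getgrouplist() returns -1 and the code silently falls back to st.st_gid, which is the EPERM that motivated the patch; call it once with ngroups = 0 so it reports the required count through the pointer, then allocate that many. Minor points: `break` once `fgid_me = st.st_gid` has been set, and since the question is whether this process may chown to st.st_gid, getgroups() on the process itself answers it directly and removes the getpwuid()/NSS failure path.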
>
>
>
> On 11/10/2010 01:34 PM, Knute Johnson wrote:
>> Hi:
>>
>> I get the occasional error below. Is there something I don't have
>> configured correctly? Or should I just ignore this? It is not always
>> this file, sometimes it is the cache.lock file or the log.newlock
>> file. I have a mail client running on my computer and my phone at the
>> same time, could that have something to do with it?
>>
>> Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob):
>> fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail))
>> failed: Operation not permitted (egid=1000(bob), group based on
>> /var/mail/bob)
>>
>> From dovecot -n
>>
>> # 1.2.9: /etc/dovecot/dovecot.conf
>> # OS: Linux 2.6.32-25-generic i686 Ubuntu 10.04.1 LTS
>> log_timestamp: %Y-%m-%d %H:%M:%S
>> protocols: imaps
>> ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
>> ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
>> login_dir: /var/run/dovecot/login
>> login_executable: /usr/lib/dovecot/imap-login
>> mail_privileged_group: mail
>> mail_location: mbox:~/mail:INBOX=/var/mail/%u
>> mbox_write_locks: fcntl dotlock
>> auth default:
>> passdb:
>> driver: pam
>> userdb:
>> driver: passwd
>>
>> Thanks very much,
>>