Package: calendarserver
--- Please enter the report below this line. ---
I am observing the following for calendarserver 7.0. If I do not give
arguments "-u caldavd -g caldavd" while calling the caldavd daemon
(caldavd -X) and instead configure the user and group in
/etc/caldavd/caldavd.plist, I see the following:
# ls -al /var/run/caldavd/
total 12
drwxr-xr-x 2 caldavd caldavd 180 Jan 17 08:43 .
drwxr-xr-x 16 root root 580 Jan 16 18:46 ..
-rw-r--r-- 1 root root 5 Jan 17 08:43 caldavd.pid
srw-rw---- 1 root caldavd 0 Jan 17 08:43 caldavd.sock
-rw-r--r-- 1 root root 5 Jan 17 08:43 caldav-instance-0.pid
-rw-r--r-- 1 root root 5 Jan 17 08:43 caldav-instance-1.pid
srw-rw---- 1 root root 0 Jan 17 08:43 directory-proxy.sock
lrwxrwxrwx 1 root root 5 Jan 17 08:43 directory-proxy.sock.lock
-> 28332
srwx------ 1 caldavd caldavd 0 Jan 17 08:43 memcache.sock
As caldavd user does not have permissions for directory-proxy.sock,
calendarserver does not work properly and I see Permission Denied
messages in error.log.
If I do pass the "-u caldavd -g caldavd" arguments (caldavd -X -u
caldavd -g caldavd) and remove the user and group information in
/etc/caldavd/caldavd.plist, I see the following:
# ls -al /var/run/caldavd/
total 12
drwxr-xr-x 2 caldavd caldavd 180 Jan 17 08:51 .
drwxr-xr-x 16 root root 580 Jan 16 18:46 ..
-rw-r--r-- 1 root root 5 Jan 17 08:51 caldavd.pid
srw-rw---- 1 root root 0 Jan 17 08:51 caldavd.sock
-rw-r--r-- 1 caldavd caldavd 5 Jan 17 08:51 caldav-instance-0.pid
-rw-r--r-- 1 caldavd caldavd 5 Jan 17 08:51 caldav-instance-1.pid
srw-rw---- 1 caldavd caldavd 0 Jan 17 08:51 directory-proxy.sock
lrwxrwxrwx 1 caldavd caldavd 5 Jan 17 08:51 directory-proxy.sock.lock
-> 28420
srwx------ 1 caldavd caldavd 0 Jan 17 08:51 memcache.sock
In this case, calendarserver works properly but the error.log shows
permission denied error as the caldavd user does not have permissions
for caldavd.sock file. To address this issue, I have configured the user
and group in /etc/caldavd/caldavd.plist as well. Now I get the drop
privileges warning, but there are no Permission denied errors in error.log.
So, I have decided to call the caldavd daemon with username and group
arguments and at the same time have the same username and group
configured in /etc/caldavd/caldavd.plist
--- System information. ---
Architecture: amd64
Kernel: Linux 4.3.0-1-amd64
Debian Release: stretch/sid
500 trusty ppa.launchpad.net
500 stable dl.google.com
500 stable deb.opera.com
500 oldstable packages.x2go.org
1000 testing security.debian.org
1000 testing httpredir.debian.org
--- Package information. ---
Package's Depends field is empty.
Package's Recommends field is empty.
Package's Suggests field is empty.
--
http://rahul.amaram.name