[Courier-imap] UID/GID Errors with 4.3.0
I hit this over the weekend upgrading from 4.2.0 to 4.3.0 - some users (myself included) were getting the following (or similar) message in various IMAP clients (or running imapd in a shell):

* BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the correct uid or gid: No such file or directory

It seems to only happen to users that are in more than one group. Courier appears to be using the GID from /etc/passwd to do its thing and is running into problems where a user's Maildir is in a different group than the login group (in my case, it's in the group that the homedir is in).

For instance, in /etc/passwd, I'm gid 20 (staff), but my homedir and Maildir are in group 0 (wheel). Changing my login group to wheel with vipw fixed it - I'm not sure what changed to cause this, however. This behavior wasn't present in 4.2.0.

Any thoughts would be appreciated.

Regards,
Roddie

-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse012070mrt/direct/01/
___
Courier-imap mailing list
Courier-imap@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-imap
Re: [Courier-imap] UID/GID Errors with 4.3.0
On Tue, Jan 15, 2008 at 10:01:53AM -0600, Roddie Hasan wrote:
> I hit this over the weekend upgrading from 4.2.0 to 4.3.0 - Some users
> (myself included) were getting the following (or similar) message in
> various IMAP clients (or running imapd in a shell):
>
> * BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the
> correct uid or gid: No such file or directory
>
> It seems to only happen to users that are in more than one group. Courier
> appears to be using the GID from /etc/passwd to do its thing and is
> running in to problems where a user's Maildir is in a different group than
> the login group (in my case, it's in the group that the homedir is in).

Looking in numlib/changeuidgid.c I see that libmail_changeuidgid() does *not* call initgroups(), but libmail_changeusername() does.

You may find that it works if the uid is given as a name, rather than a number. (This depends on what backend database you're using.)

> For instance, in /etc/passwd, I'm gid 20 (staff), but my homedir and
> Maildir are in group 0 (wheel).

Ugh. Having your mailbox set to be owned by root is not a good idea - your mail program will have to assume root privileges, and hence if it gets broken into, your box will be rooted too.

Brian.
Re: [Courier-imap] UID/GID Errors with 4.3.0
Brian,

Thanks for the reply.

> Looking in numlib/changeuidgid.c I see that libmail_changeuidgid() does
> *not* call initgroups(), but libmail_changeusername() does.
>
> You may find that it works if the uid is given as a name, rather than a
> number. (This depends on what backend database you're using)

From my courier-authlib debugs, this is what I saw being passed:

Jan 12 16:35:08 krweb authdaemond: Authenticated: sysusername=roddie, sysuserid=, sysgroupid=20, homedir=/home/roddie, address=roddie, fullname=Roddie Hasan, maildir=, quota=, options=

These fields are the same for users that work and users that do not. The difference between the two is that the non-working users' Maildirs are in a different group than their login. This configuration worked fine before 4.3.0.

I'm assuming launching imapd in a FreeBSD shell passes info the same way since I see the problem there, but I'm just guessing.

>> For instance, in /etc/passwd, I'm gid 20 (staff), but my homedir and
>> Maildir are in group 0 (wheel).
>
> Ugh. Having your mailbox set to be owned by root is not a good idea - your
> mail program will have to assume root privileges, and hence if it gets
> broken into, your box will be rooted too.

I should have been clearer - my Maildir (and homedir) are in the wheel group (vs. being in the staff group), but are owned by myself and not root.

Thanks again for your reply!

Regards,
Roddie
Re: [Courier-imap] UID/GID Errors with 4.3.0
Roddie Hasan writes:

> It seems to only happen to users that are in more than one group. Courier
> appears to be using the GID from /etc/passwd to do its thing and is
> running in to problems where a user's Maildir is in a different group than
> the login group (in my case, it's in the group that the homedir is in).

Files created by the imap server process itself -- and the imap server does create files itself -- will be owned by the primary uid and gid, and any auxiliary groups are completely irrelevant. Having newly-created files owned by a different uid/gid than the maildir itself may result in strange or unpredictable behavior later down the road.

Furthermore -- and this goes beyond the IMAP server -- an account's home directory's, and maildir's, ownership should match what's given as the account primary uid, gid. If the account is a member of some other, auxiliary group, that's fine, but the account's home directory and maildir should match what's in the account database.

Someone who knows what they're doing can certainly set things up differently, which will work fine for them, since they know how things work, and how to make them work. However, that cannot be said for everyone, and there's been a steady procession of less-capable individuals complaining about mysterious error messages, that were ultimately resolved as due to mismatches between the actual maildir ownership, and what the account database gave as the primary uid/gid, forcing an explicit sanity check to be added.

You can certainly remove that snippet of code from the IMAP server, yourself.
Re: [Courier-imap] UID/GID Errors with 4.3.0
Sam,

> Furthermore -- and this goes beyond the IMAP server -- an account's home
> directory's, and maildir's, ownership should match what's given as the
> account primary uid, gid. If the account is a member of some other, auxiliary
> group, that's fine but the account's home directory and maildir should match
> what's in the account database.

Understood. Where my server's differences came into play is when I migrated to a new server a year or two ago. I recreated the user accounts manually (matching UID/GID values), and then migrated the home directories. During the process of recreating the users, I did some cleaning up for the login groups (I login as staff now instead of wheel, and instead I just put myself in wheel in /etc/groups etc.), and I left the home directories in their previous groups.

Understanding that this was not optimal, since the Courier upgrade exposed it, I've gone through and made everything match.

The main reason for my post was to help others who might've run into this (there are a few hits on the list and other groups), and also to report the difference in how Courier 4.3.0 reacts to this configuration (it worked with 4.2.0 and previous).

Regards,
Roddie
Re: [Courier-imap] UID/GID Errors with 4.3.0
On Tue, Jan 15, 2008 at 04:13:56PM -0600, Roddie Hasan wrote:
> >You may find that it works if the uid is given as a name, rather than a
> >number. (This depends on what backend database you're using)
>
> From my courier-authlib debugs, this is what I saw being passed:
>
> Jan 12 16:35:08 krweb authdaemond: Authenticated: sysusername=roddie,
> sysuserid=, sysgroupid=20, homedir=/home/roddie, address=roddie,
> fullname=Roddie Hasan, maildir=, quota=, options=

OK, next check for HAVE_INITGROUPS in numlib/config.h

> This fields are the same for users that work and users that do not. The
> difference between the two is that the non-working users' Maildirs are in
> a different group than their login. This configuration worked fine before
> 4.3.0
>
> I'm assuming launching imapd in a FreeBSD shell passes info the same way
> since I see the problem there, but I'm just guessing.

Could you explain that last bit? How exactly are you running imapd? The group-changing code will only be invoked if imapd is running initially as root, and is changing the account to settings returned by courier-authlib.

If you invoke imapd directly at the shell, this won't happen. I think you'd have to invoke pop3login instead.

B.
Re: [Courier-imap] UID/GID Errors with 4.3.0
Brian,

Going by Sam's reply, this seemed to be an intentional change in 4.3.0 for a sanity check. I've already fixed up my system by making the login groups match the homedir groups for the affected user. I would still like to go through the exercise here for my own sanity, though. :-)

>> Jan 12 16:35:08 krweb authdaemond: Authenticated: sysusername=roddie,
>> sysuserid=, sysgroupid=20, homedir=/home/roddie, address=roddie,
>> fullname=Roddie Hasan, maildir=, quota=, options=
>
> OK, next check for HAVE_INITGROUPS in numlib/config.h

It's defined to 1.

> Could you explain that last bit? How exactly are you running imapd? The
> group-changing code will only be invoked if imapd is running initially as
> root, and is changing the account to settings returned by courier-authlib

That's what I would have figured, too - I am simply typing imapd (which is not suid/sgid).

Example when login GID does not match Maildir GID:

% id
uid=1037(yawnto) gid=20(staff) groups=20(staff),1002(users)

% ls -ald Maildir/
drwx-- 17 yawnto users 512 Nov 5 12:17 Maildir/

% imapd
* BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the correct uid or gid: No such file or directory

When the above GIDs do match (i.e. I put yawnto back into users):

% imapd
* PREAUTH Ready.
INFO: LOGIN, user=yawnto, ip=[127.0.0.1], port=[0], protocol=IMAP

Regards,
Roddie
Re: [Courier-imap] UID/GID Errors with 4.3.0
On Wed, Jan 16, 2008 at 05:57:12AM -0600, Roddie Hasan wrote:
> >>Jan 12 16:35:08 krweb authdaemond: Authenticated: sysusername=roddie,
> >>sysuserid=, sysgroupid=20, homedir=/home/roddie, address=roddie,
> >>fullname=Roddie Hasan, maildir=, quota=, options=
> >
> >OK, next check for HAVE_INITGROUPS in numlib/config.h
>
> It's defined to 1.
>
> >Could you explain that last bit? How exactly are you running imapd? The
> >group-changing code will only be invoked if imapd is running initially as
> >root, and is changing the account to settings returned by courier-authlib
>
> That's what I would have figured, too - I am simply typing imapd, (which
> is not suid/sgid).

That's what confused me - firstly you showed courier-authlib logs showing the account being authenticated, but then you said that you're running imapd directly from the command line (which doesn't perform any authentication at all, nor change user or groups, so this is a red herring).

> Example when login GID does not match Maildir GID:
>
> % id
> uid=1037(yawnto) gid=20(staff) groups=20(staff),1002(users)
>
> % ls -ald Maildir/
> drwx-- 17 yawnto users 512 Nov 5 12:17 Maildir/
>
> % imapd
> * BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the
> correct uid or gid: No such file or directory

OK, I see there's an explicit check for this in imap/imapd.c:

    if ( buf.st_uid != geteuid() || buf.st_gid != getegid())
        write_error_exit("Account's mailbox directory is not owned by the correct uid or gid");

I've also seen Sam's reply. I can see where he's coming from - if you're going to use supplementary groups then you need to know what you're doing (e.g. use the sticky bit to ensure that the files created inside are owned by the directory's own group, rather than the user's primary group).

But for other users, this whole gid check is superfluous: e.g. mode 700 is perfectly legitimate and often appropriate for a Maildir, in which case it doesn't matter what group is assigned.

As Sam says - you can always kill the check.

Regards,
Brian.
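Added example, not code from this thread or from the Courier project: a small POSIX shell audit that applies the same test the imap/imapd.c snippet above makes (owner uid and gid of the maildir must equal the account's primary uid/gid, which is also Sam's rule earlier in the thread) across every account in a passwd-style file, so an administrator can find mismatched mailboxes before an upgrade rather than after users start seeing the BYE [ALERT]. A second function shows why being in the maildir's group as a supplementary group does not help: a file created in the directory gets the creating process's effective gid, unless the directory has the setgid bit set (Linux/SysV semantics; FreeBSD gives new files the parent directory's group regardless). The script uses `ls -ldn`, which is POSIX, instead of `stat`, whose flags differ between GNU and BSD. The passwd lines, the `Maildir` name and all function names are constructed for this example.

```shell
#!/bin/sh
# Added example (not Courier's code). Audits maildir ownership the same way
# imap/imapd.c checks it: st_uid must equal the account uid and st_gid the
# account's primary gid from the account database.

# maildir_owner DIR -> prints "uid gid" of DIR in numeric form.
# POSIX `ls -ldn` works on both GNU and BSD userlands; fields 3 and 4 are
# the numeric owner and group.
maildir_owner() {
    set -- $(ls -ldn "$1")
    printf '%s %s\n' "$3" "$4"
}

# audit_maildirs PASSWD_FILE [MAILDIR_NAME]
# Reads passwd(5)-style lines (name:pw:uid:gid:gecos:home:shell) and prints
# one line per account:
#   OK       owner and group match the account's primary uid/gid
#   MISMATCH owner or group differ (imapd 4.3.0 would refuse this account)
#   MISSING  no maildir under the home directory
audit_maildirs() {
    passwd_file=$1
    maildir_name=${2:-Maildir}
    while IFS=: read -r name _ uid gid _ home _; do
        [ -n "$name" ] || continue            # skip blank lines
        dir="$home/$maildir_name"
        if [ ! -d "$dir" ]; then
            printf 'MISSING %s %s\n' "$name" "$dir"
            continue
        fi
        set -- $(maildir_owner "$dir")        # $1 = owner uid, $2 = owner gid
        if [ "$1" != "$uid" ] || [ "$2" != "$gid" ]; then
            printf 'MISMATCH %s %s owner=%s:%s account=%s:%s\n' \
                "$name" "$dir" "$1" "$2" "$uid" "$gid"
        else
            printf 'OK %s %s\n' "$name" "$dir"
        fi
    done < "$passwd_file"
}

# new_file_gid DIR -> gid that a file created in DIR by this process gets.
# On Linux without the setgid bit on DIR this is the process's effective
# gid, not DIR's group, which is why supplementary-group membership alone
# does not make an IMAP server's newly created files match a maildir that
# belongs to some other group. (FreeBSD always uses the directory's group.)
new_file_gid() {
    probe="$1/.ownership-probe.$$"             # constructed temporary name
    : > "$probe" || return 1
    set -- $(ls -ln "$probe")
    rm -f "$probe"
    printf '%s\n' "$4"
}

# Usage: audit_maildirs /etc/passwd            (system account database)
#        audit_maildirs ./vpopmail-users.txt   (any passwd-format export)
```

Run it as a user that can read every home directory (root, for a real audit) and feed it the same account source courier-authlib uses; for a non-passwd backend, export the rows into the seven-field format first. Any MISMATCH line is exactly the account imapd 4.3.0 will reject, and fixing ownership to match the database is the remedy Sam recommends rather than removing the check.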