Bug#607222: /usr/sbin/prayer: wrong permission of /var/log/prayer
Am 15.12.2010 21:44, schrieb Magnus Holmgren: Solution: install /var/log/prayer with group-owner nogroup The idea is that nobody and nogroup should be completely unprivileged, and hence should not own _anything_. Many log files belong to group adm. This is ok, if you change the config prayer_group = adm it will run. check_directory_perms is probably a bit too picky as it doesn't even accept group root. I probably should just arrange for a group prayer to be created and the directories assigned to it, and if you want to set check_directory_perms=TRUE you should probably do that too for now. For me this seems to be the best solution. having addgroup --system prayer chgrp prayer -R /var/log/prayer chgrp prayer -R /var/run/prayer and prayer_group = prayer runs without error. However, each solution (group adm or prayer) should ensure that prayer will start up with the standard configuration out of the package and check_directory_perms=TRUE. mfg Matthias Taube -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#607222: /usr/sbin/prayer: wrong permission of /var/log/prayer
Package: prayer Version: 1.3.3-dfsg1-2 Severity: important File: /usr/sbin/prayer The prayer package in squeeze installs /var/log/prayer with group-owner adm The Config File prayer.cf sets as default the group of prayer to nogroup. So if you start prayer with check_directory_perms = TRUE, you will get an Error: Starting webmail server: prayerprayer PANICLOG: Failed to open panic log file: paniclog Error was: Dec 15 20:25:25 [1785] /var/log/prayer directory must be owned by user prayer, group nogroup and not accessible by othe0rs failed! Solution: install /var/log/prayer with group-owner nogroup -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages prayer depends on: ii adduser 3.112+nmu2 add and remove users and groups ii libc-client2007e8:2007e~dfsg-3.1 c-client library for mail protocol ii libc6 2.11.2-7 Embedded GNU C Library: Shared lib ii libdb4.84.8.30-2 Berkeley v4.8 Database Libraries [ ii libldap-2.4-2 2.4.23-7 OpenLDAP libraries ii libssl0.9.8 0.9.8o-3 SSL shared libraries ii libtidy-0.99-0 20091223cvs-1HTML syntax checker and reformatte ii logrotate 3.7.8-6 Log rotation utility ii nullmailer [mail-transp 1:1.04-1.2 simple relay-only mail transport a ii ssl-cert1.0.26 simple debconf wrapper for OpenSSL ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime prayer recommends no packages. Versions of packages prayer suggests: ii aspell0.60.6-4 GNU Aspell spell-checker pn imap-server none (no description available) ii ispell3.1.20.0-7 International Ispell (an interacti pn prayer-accountd none (no description available) pn prayer-templates-src none (no description available) -- Configuration Files: /etc/default/prayer changed [not included] /etc/init.d/prayer [not included] /etc/prayer/prayer.cf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#607222: /usr/sbin/prayer: wrong permission of /var/log/prayer
severity 607222 normal thanks On onsdagen den 15 december 2010, you stated the following: The prayer package in squeeze installs /var/log/prayer with group-owner adm The Config File prayer.cf sets as default the group of prayer to nogroup. So if you start prayer with check_directory_perms = TRUE, you will get an Error: Starting webmail server: prayerprayer PANICLOG: Failed to open panic log file: paniclog Error was: Dec 15 20:25:25 [1785] /var/log/prayer directory must be owned by user prayer, group nogroup and not accessible by othe0rs failed! Solution: install /var/log/prayer with group-owner nogroup The idea is that nobody and nogroup should be completely unprivileged, and hence should not own _anything_. Many log files belong to group adm. check_directory_perms is probably a bit too picky as it doesn't even accept group root. I probably should just arrange for a group prayer to be created and the directories assigned to it, and if you want to set check_directory_perms=TRUE you should probably do that too for now. -- Magnus Holmgrenholmg...@debian.org Debian Developer signature.asc Description: This is a digitally signed message part.
