Re: Bug#806858 Re: s-nail: mailx: Unable to (dot) lock mailbox, aborting operation: Permission denied
Rick Thomas wrote: |On Dec 30, 2015, at 3:36 AM, Steffen Nurpmeso wrote: |> Rick Thomas wrote: |>|Hi Steffan, |> |> (My name is Steffen) | |Ooops! Sorry! Don't worry, i had so many typos myself in what followed.. .. |> It must be SETUID to a super-user that can impersonate as all |So the fix posted by Hilko Bengen is correct. Thanks for the confirmation! The Debian package system is quite complicated, but if chmod(1) must be called explicitly then it is, yes. Normally the `doinstall' / `packager-install' make(1) rules (`install' in v14.9) should do the right thing (tm) by themselves. The current v14.8.6 has already learned and explicitly sorts sources for reproducible-builds.org and alos should also work on Debian/kFreeBSD out of the box, for example. More in v14.9 (e.g., truly parallelizable build phase). |>|Thanks for all your help! |> |> Hm. Thanks to you. Just complain loudly if something isn't what |> you’d expected! | |Don’t worry, I will! Yes, please! And a happy new year.. --steffen
Re: Bug#806858 Re: s-nail: mailx: Unable to (dot) lock mailbox, aborting operation: Permission denied
On Dec 30, 2015, at 9:51 AM, Jörg-Volker Peetz wrote: > Steffen Nurpmeso wrote on 12/30/15 12:36: >> Hello! >> >> Rick Thomas wrote: > > >> |-rwxr-sr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep > > Wouldn't these be enough rights for mailx to do it's work? > I.e., owner: root, group: mail, sticky bit for the group? > This works on my system (and on Rick's). > > Regards, > jvp. Set-gid alone works for all my use cases, but I have never needed to use the “-u user” option to masquerade as someone different from myself. If you need to do that, I’m guessing that nothing less than set-uid will do the job. Though I haven’t tried it so I don’t know for sure… Enjoy! Rick
Re: Bug#806858 Re: s-nail: mailx: Unable to (dot) lock mailbox, aborting operation: Permission denied
On Dec 30, 2015, at 3:36 AM, Steffen Nurpmeso wrote: > Hello! > > Rick Thomas wrote: > |Hi Steffan, > > (My name is Steffen) Ooops! Sorry! > Well, just as already shown in this thread, on my local box it is > > ?0[sdaoden@wales nail.git]$ ll /usr/local/libexec/s-nail-privsep > -r-sr-xr-x 1 root root 9860 Dec 2 14:45 /usr/local/libexec/s-nail-privsep* > > It must be SETUID to a super-user that can impersonate as all > users and groups that mailx(1) may potentially open system > mailboxes for in order to give mailbox locks the UID and GID of > the mailbox they are ment for. Usually only root satisfies this. > I thing i need to improve the wording (not examples) in make.rc > and INSTALL. So the fix posted by Hilko Bengen is correct. Thanks for the confirmation! > > |Thanks for all your help! > > Hm. Thanks to you. Just complain loudly if something isn't what > you’d expected! Don’t worry, I will! > Ciao, > > |Rick > > --steffen >
Re: Bug#806858 Re: s-nail: mailx: Unable to (dot) lock mailbox, aborting operation: Permission denied
Steffen Nurpmeso wrote on 12/30/15 12:36: > Hello! > > Rick Thomas wrote: > |-rwxr-sr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep Wouldn't these be enough rights for mailx to do it's work? I.e., owner: root, group: mail, sticky bit for the group? This works on my system (and on Rick's). Regards, jvp.
Re: Bug#806858 Re: s-nail: mailx: Unable to (dot) lock mailbox, aborting operation: Permission denied
Hello! Rick Thomas wrote: |Hi Steffan, (My name is Steffen) |So what, exactly, are the correct permissions for s-nail-privsep? | |Should it be: |-rwxr-sr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep |or: |-rwsr-xr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep |or: |-rwsr-sr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep | |Or something else? Well, just as already shown in this thread, on my local box it is ?0[sdaoden@wales nail.git]$ ll /usr/local/libexec/s-nail-privsep -r-sr-xr-x 1 root root 9860 Dec 2 14:45 /usr/local/libexec/s-nail-privsep* It must be SETUID to a super-user that can impersonate as all users and groups that mailx(1) may potentially open system mailboxes for in order to give mailbox locks the UID and GID of the mailbox they are ment for. Usually only root satisfies this. I thing i need to improve the wording (not examples) in make.rc and INSTALL. |Thanks for all your help! Hm. Thanks to you. Just complain loudly if something isn't what you'd expected! Ciao, |Rick --steffen
Bug#806858 Re: s-nail: mailx: Unable to (dot) lock mailbox, aborting operation: Permission denied
Hi Steffan, So what, exactly, are the correct permissions for s-nail-privsep? Should it be: -rwxr-sr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep or: -rwsr-xr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep or: -rwsr-sr-x 1 root mail 10104 Dec 4 14:52 /usr/lib/s-nail/s-nail-privsep Or something else? Thanks for all your help! Rick