Re: [Dovecot] Occasional fchown errors?
On 11/10/2010 9:07 PM, Knute Johnson wrote: On 11/10/2010 10:53 AM, Timo Sirainen wrote: On Wed, 2010-11-10 at 10:34 -0800, Knute Johnson wrote: Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) chmod 0600 /var/mail/* Normal installations don't need them to be 0660. Thanks, I'll try that. knute... That seems to have fixed it. Thanks, knute...
[Dovecot] Occasional fchown errors?
Hi: I get the occasional error below. Is there something I don't have configured correctly? Or should I just ignore this? It is not always this file, sometimes it is the cache.lock file or the log.newlock file. I have a mail client running on my computer and my phone at the same time, could that have something to do with it? Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) From dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-25-generic i686 Ubuntu 10.04.1 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks: fcntl dotlock auth default: passdb: driver: pam userdb: driver: passwd Thanks very much, -- Knute Johnson
Re: [Dovecot] Occasional fchown errors?
Use this patch, it fixes dovecot's ownership inheritance assumptions. Colt ~ # cat /usr/local/portage/net-mail/dovecot/files/dovecot-2.0.5-bad-permissions-inheritance.patch --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.0 -0400 +++ src/lib-storage/mailbox-list.c 2010-10-14 15:20:15.0 -0400 @@ -25,6 +25,9 @@ #include unistd.h #include dirent.h #include sys/stat.h +#include stdlib.h +#include grp.h +#include pwd.h /* 20 * (200+1) 4096 which is the standard PATH_MAX. Having these settings prevents malicious user from creating eg. a/a/a/.../a mailbox name and @@ -450,7 +453,7 @@ } if (S_ISDIR(st.st_mode) (st.st_mode S_ISGID) != 0) { - /* directory's GID is used automatically for new + /* directory is sgid, so GID is used automatically for new files */ *gid_r = (gid_t)-1; } else if ((st.st_mode 0070) 3 == (st.st_mode 0007)) { @@ -460,8 +463,39 @@ } else if (getegid() == st.st_gid) { /* using our own gid, no need to change it */ *gid_r = (gid_t)-1; - } else { - *gid_r = st.st_gid; + } + + else { + /* test for unusable inheritance. logic sets fgid_me to st.gid + for unlikely case of lookup failure and we just fall through */ + int j, ngroups = 999; + gid_t *groups; + gid_t fgid_me = st.st_gid; + + groups = malloc(ngroups * sizeof (gid_t)); + if (groups != NULL) { + uid_t egid = getegid(); + struct passwd *pw = getpwuid(geteuid()); + if (pw != NULL) { + /* get pw entry for test using my current effective uid */ + if (getgrouplist(pw-pw_name, egid, groups, ngroups) != -1) { + /* get list of group IDs my euid belongs to, ngroups + will be set to the number of groups I belong to */ + fgid_me = egid; + for (j = 0; j ngroups; j++) { + /* enumerate list, test to see if i belong + to gid of parent directory */ + if (st.st_gid == groups[j]) { + /* if so, switch to parent gid */ + fgid_me = st.st_gid; + } + } + } + } + free(groups); + } + + *gid_r = fgid_me; } } On 11/10/2010 01:34 PM, Knute Johnson wrote: Hi: I get the occasional error below. Is there something I don't have configured correctly? Or should I just ignore this? It is not always this file, sometimes it is the cache.lock file or the log.newlock file. I have a mail client running on my computer and my phone at the same time, could that have something to do with it? Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) From dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-25-generic i686 Ubuntu 10.04.1 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks: fcntl dotlock auth default: passdb: driver: pam userdb: driver: passwd Thanks very much,
Re: [Dovecot] Occasional fchown errors?
On Wed, 2010-11-10 at 10:34 -0800, Knute Johnson wrote: Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) chmod 0600 /var/mail/* Normal installations don't need them to be 0660.
Re: [Dovecot] Occasional fchown errors?
as a reminder if you didn't follow the thread. this only avoids inheritance assumption. if you have shared folders, they should be g+s to delegate (group) ownership. also, this is for 2.x -david On 11/10/2010 01:48 PM, David Ford wrote: Use this patch, it fixes dovecot's ownership inheritance assumptions. Colt ~ # cat /usr/local/portage/net-mail/dovecot/files/dovecot-2.0.5-bad-permissions-inheritance.patch --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.0 -0400 +++ src/lib-storage/mailbox-list.c 2010-10-14 15:20:15.0 -0400 @@ -25,6 +25,9 @@ #include unistd.h #include dirent.h #include sys/stat.h +#include stdlib.h +#include grp.h +#include pwd.h /* 20 * (200+1) 4096 which is the standard PATH_MAX. Having these settings prevents malicious user from creating eg. a/a/a/.../a mailbox name and @@ -450,7 +453,7 @@ } if (S_ISDIR(st.st_mode) (st.st_mode S_ISGID) != 0) { - /* directory's GID is used automatically for new + /* directory is sgid, so GID is used automatically for new files */ *gid_r = (gid_t)-1; } else if ((st.st_mode 0070) 3 == (st.st_mode 0007)) { @@ -460,8 +463,39 @@ } else if (getegid() == st.st_gid) { /* using our own gid, no need to change it */ *gid_r = (gid_t)-1; - } else { - *gid_r = st.st_gid; + } + + else { + /* test for unusable inheritance. logic sets fgid_me to st.gid + for unlikely case of lookup failure and we just fall through */ + int j, ngroups = 999; + gid_t *groups; + gid_t fgid_me = st.st_gid; + + groups = malloc(ngroups * sizeof (gid_t)); + if (groups != NULL) { + uid_t egid = getegid(); + struct passwd *pw = getpwuid(geteuid()); + if (pw != NULL) { + /* get pw entry for test using my current effective uid */ + if (getgrouplist(pw-pw_name, egid, groups, ngroups) != -1) { + /* get list of group IDs my euid belongs to, ngroups + will be set to the number of groups I belong to */ + fgid_me = egid; + for (j = 0; j ngroups; j++) { + /* enumerate list, test to see if i belong + to gid of parent directory */ + if (st.st_gid == groups[j]) { + /* if so, switch to parent gid */ + fgid_me = st.st_gid; + } + } + } + } + free(groups); + } + + *gid_r = fgid_me; } } On 11/10/2010 01:34 PM, Knute Johnson wrote: Hi: I get the occasional error below. Is there something I don't have configured correctly? Or should I just ignore this? It is not always this file, sometimes it is the cache.lock file or the log.newlock file. I have a mail client running on my computer and my phone at the same time, could that have something to do with it? Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) From dovecot -n # 1.2.9: /etc/dovecot/dovecot.conf # OS: Linux 2.6.32-25-generic i686 Ubuntu 10.04.1 LTS log_timestamp: %Y-%m-%d %H:%M:%S protocols: imaps ssl_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem ssl_key_file: /etc/ssl/private/ssl-cert-snakeoil.key login_dir: /var/run/dovecot/login login_executable: /usr/lib/dovecot/imap-login mail_privileged_group: mail mail_location: mbox:~/mail:INBOX=/var/mail/%u mbox_write_locks: fcntl dotlock auth default: passdb: driver: pam userdb: driver: passwd Thanks very much,
Re: [Dovecot] Occasional fchown errors?
On 2010-11-10 13:48:13 -0500, David Ford wrote: Use this patch, it fixes dovecot's ownership inheritance assumptions. [snip] 1. he is using 1.2.9 and your patch is for 2.0, would your patch work for 1.2.9 aswell. 2. you want to attach the patch and not paste it inline. your mail client mangled the lines. darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org
Re: [Dovecot] Occasional fchown errors?
hmm. yes, that might be sensible of me :} i haven't touched 1.x in so long, i have no idea if it's applicable. my understanding from Timo is that it's been this way for quite some time so it would likely be easy to massage into place. it's linked at http://stuph.org/dovecot-2.0.5-bad-permissions-inheritance.patch and attached. -d On 11/10/2010 01:54 PM, Marcus Rueckert wrote: On 2010-11-10 13:48:13 -0500, David Ford wrote: Use this patch, it fixes dovecot's ownership inheritance assumptions. [snip] 1. he is using 1.2.9 and your patch is for 2.0, would your patch work for 1.2.9 aswell. 2. you want to attach the patch and not paste it inline. your mail client mangled the lines. darix --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.0 -0400 +++ src/lib-storage/mailbox-list.c 2010-10-14 15:20:15.0 -0400 @@ -25,6 +25,9 @@ #include unistd.h #include dirent.h #include sys/stat.h +#include stdlib.h +#include grp.h +#include pwd.h /* 20 * (200+1) 4096 which is the standard PATH_MAX. Having these settings prevents malicious user from creating eg. a/a/a/.../a mailbox name and @@ -450,7 +453,7 @@ } if (S_ISDIR(st.st_mode) (st.st_mode S_ISGID) != 0) { - /* directory's GID is used automatically for new + /* directory is sgid, so GID is used automatically for new files */ *gid_r = (gid_t)-1; } else if ((st.st_mode 0070) 3 == (st.st_mode 0007)) { @@ -460,8 +463,39 @@ } else if (getegid() == st.st_gid) { /* using our own gid, no need to change it */ *gid_r = (gid_t)-1; - } else { - *gid_r = st.st_gid; + } + + else { + /* test for unusable inheritance. logic sets fgid_me to st.gid + for unlikely case of lookup failure and we just fall through */ + int j, ngroups = 999; + gid_t *groups; + gid_t fgid_me = st.st_gid; + + groups = malloc(ngroups * sizeof (gid_t)); + if (groups != NULL) { + uid_t egid = getegid(); + struct passwd *pw = getpwuid(geteuid()); + if (pw != NULL) { + /* get pw entry for test using my current effective uid */ + if (getgrouplist(pw-pw_name, egid, groups, ngroups) != -1) { + /* get list of group IDs my euid belongs to, ngroups + will be set to the number of groups I belong to */ + fgid_me = egid; + for (j = 0; j ngroups; j++) { + /* enumerate list, test to see if i belong + to gid of parent directory */ + if (st.st_gid == groups[j]) { + /* if so, switch to parent gid */ + fgid_me = st.st_gid; + } + } + } + } + free(groups); + } + + *gid_r = fgid_me; } }
Re: [Dovecot] Occasional fchown errors?
Timo, i'm stuck with no time for studying code at the moment. is there a quick/easy way to check if this is a personal or shared mailbox we are working under? i can then update my patch so it works for both cases. -david On 11/10/2010 01:58 PM, David Ford wrote: hmm. yes, that might be sensible of me :} i haven't touched 1.x in so long, i have no idea if it's applicable. my understanding from Timo is that it's been this way for quite some time so it would likely be easy to massage into place. it's linked at http://stuph.org/dovecot-2.0.5-bad-permissions-inheritance.patch and attached. -d On 11/10/2010 01:54 PM, Marcus Rueckert wrote: On 2010-11-10 13:48:13 -0500, David Ford wrote: Use this patch, it fixes dovecot's ownership inheritance assumptions. [snip] 1. he is using 1.2.9 and your patch is for 2.0, would your patch work for 1.2.9 aswell. 2. you want to attach the patch and not paste it inline. your mail client mangled the lines. darix
Re: [Dovecot] Occasional fchown errors?
On Wed, 2010-11-10 at 14:01 -0500, David Ford wrote: Timo, i'm stuck with no time for studying code at the moment. is there a quick/easy way to check if this is a personal or shared mailbox we are working under? i can then update my patch so it works for both cases. Well, you could check if list-ns-type is NAMESPACE_PRIVATE or something else. But then again, some people have created shared mailboxes by symlinking them into private namespace, and then it's pretty much impossible to know if it's shared or not.
Re: [Dovecot] Occasional fchown errors?
yes, my mind has been churning on path dereference resolution and efficiency since i made this version of the patch. thank you. -david On 11/10/2010 02:13 PM, Timo Sirainen wrote: On Wed, 2010-11-10 at 14:01 -0500, David Ford wrote: Timo, i'm stuck with no time for studying code at the moment. is there a quick/easy way to check if this is a personal or shared mailbox we are working under? i can then update my patch so it works for both cases. Well, you could check if list-ns-type is NAMESPACE_PRIVATE or something else. But then again, some people have created shared mailboxes by symlinking them into private namespace, and then it's pretty much impossible to know if it's shared or not.
Re: [Dovecot] Occasional fchown errors?
On 2010-11-10 1:48 PM, David Ford wrote: Use this patch, Better to update, no? 1.2.9 is a bit behind... or is this not fixed in the current stable 1.2.16? -- Best regards, Charles
Re: [Dovecot] Occasional fchown errors?
On 11/10/2010 10:53 AM, Timo Sirainen wrote: On Wed, 2010-11-10 at 10:34 -0800, Knute Johnson wrote: Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob): fchown(/home/bob/mail/.imap/INBOX/dovecot.index.tmp, -1, 8(mail)) failed: Operation not permitted (egid=1000(bob), group based on /var/mail/bob) chmod 0600 /var/mail/* Normal installations don't need them to be 0660. Thanks, I'll try that. knute...