On Wed, Jan 16, 2008 at 05:57:12AM -0600, Roddie Hasan wrote:
> >>Jan 12 16:35:08 krweb authdaemond: Authenticated: sysusername=roddie,
> >>sysuserid=<null>, sysgroupid=20, homedir=/home/roddie, address=roddie,
> >>fullname=Roddie Hasan, maildir=<null>, quota=<null>, options=<null>
> >
> >OK, next check for HAVE_INITGROUPS in numlib/config.h
> 
> It's defined to 1.
> 
> >Could you explain that last bit? How exactly are you running imapd? The
> >group-changing code will only be invoked if imapd is running initially as
> >root, and is changing the account to settings returned by courier-authlib
> 
> That's what I would have figured, too - I am simply typing imapd, (which 
> is not suid/sgid).

That's what confused me - firstly you showed courier-authlib logs showing
the account being authenticated, but then you said that you're running imapd
directly from the command line (which doesn't perform any authentication at
all, nor change user or groups, so this is a red herring).

> Example when login GID does not match Maildir GID:
> 
> % id
> uid=1037(yawnto) gid=20(staff) groups=20(staff),1002(users)
> 
> % ls -ald Maildir/
> drwx------  17 yawnto  users  512 Nov  5 12:17 Maildir/
> 
> % imapd
> * BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the 
> correct uid or gid: No such file or directory

OK, I see there's an explicit check for this in imap/imapd.c:

                if ( buf.st_uid != geteuid() ||
                     buf.st_gid != getegid())
                        write_error_exit("Account's mailbox directory is not owned by the correct uid or gid");

I've also seen Sam's reply.

I can see where he's coming from - if you're going to use supplementary
groups then you need to know what you're doing (e.g. use the sticky bit to
ensure that the files created inside are owned by the directory's own group,
rather than the user's primary group).

But for other users, this whole gid check is superfluous: e.g. mode 700 is
perfectly legitimate and often appropriate for a Maildir, in which case it
doesn't matter what group is assigned.

As Sam says - you can always kill the check.

Regards,

Brian.

_______________________________________________
Courier-imap mailing list
Courier-imap@lists.sourceforge.net