Package: davmail
Version: 5.5.1.3299-2
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Davmail seems to run with systemd's DynamicUser configuration. That means that the user the daemon runs with is not known before runtime. Therefore I cannot give specific permissions to the private keys for SSL.

See the excerpt from the configuration file /etc/davmail.properties below. I use davmail.ssl.keystoreFile to set the file with the certificate and the private key. I have to give o+r permissions to make this work, because I cannot change the ownership to the user davmail uses.

I also suspect that the following error has to do with the same problem:

Aug 11 14:21:52 delta davmail[167802]: 2020-08-11 14:21:52,294 ERROR [main] davmail - Unable to set log file path

The log file directive in /etc/davmail.properties is also printed below. I use davmail.logFilePath to set the log path. But I cannot give the daemon the right permissions to the /var/log path, because the user is not known before runtime due to the DynamicUser configuration.

Is there a solution or should DynamicUser be turned off as it was before?

Best,
Christoph

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-2-amd64 (SMP w/4 CPU threads)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages davmail depends on:
ii  adduser                                               3.118
ii  default-jre-headless [java9-runtime-headless]         2:1.11-72
ii  init-system-helpers                                   1.58
ii  jarwrapper                                            0.75
ii  libcommons-codec-java                                 1.14-1
ii  libcommons-httpclient-java                            3.1-15
ii  libcommons-logging-java                               1.2-2
ii  libhtmlcleaner-java                                   2.24-1
ii  libhttpclient-java                                    4.5.11-1
ii  libjackrabbit-java                                    2.18.0+r2.14.6-1
ii  libjcifs-java                                         1.3.19-2
ii  libjettison-java                                      1.4.0-1
ii  liblog4j1.2-java                                      1.2.17-9
ii  libmail-java                                          1.6.5-1
ii  libservlet-api-java                                   4.0.1-2
ii  libslf4j-java                                         1.7.25-3
ii  libstax2-api-java                                     4.1-1
ii  libwoodstox-java                                      1:6.2.0-1
ii  logrotate                                             3.16.0-3
ii  lsb-base                                              11.1.0
ii  openjdk-11-jre-headless [java9-runtime-headless]      11.0.8+10-1

davmail recommends no packages.

Versions of packages davmail suggests:
ii  libopenjfx-java       11.0.7+0-2
pn  libswt-cairo-gtk-4-jni  <none>
pn  libswt-gtk2-4-jni       <none>

-- Configuration Files:
/etc/davmail.properties changed:
davmail.ssl.keystoreType=PKCS12
davmail.ssl.keystoreFile=/etc/ssl/ServerCA/apache.cert.subaltnames.pkcs12
davmail.logFilePath=/var/log/davmail.log

-- no debconf information
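
A check for the exposure described in the report above, added here as an example (it is not code from DavMail or from the Debian package): it reads davmail.properties-style text and reports whether the file named by davmail.ssl.keystoreFile is readable by every local user. The function names and the throwaway sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def parse_properties(text):
    """Parse simple key=value lines of a Java properties file.

    Comment lines (# or !) and blank lines are skipped; line
    continuations are not handled.
    """
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_keystore(props):
    """Return (path, mode, world_readable) for the configured keystore, or None."""
    path = props.get("davmail.ssl.keystoreFile")
    if not path:
        return None
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return path, mode, bool(mode & stat.S_IROTH)


def demo():
    """Run the audit against a constructed keystore file and properties text."""
    with tempfile.TemporaryDirectory() as tmp:
        keystore = os.path.join(tmp, "server.pkcs12")
        with open(keystore, "wb") as fh:
            fh.write(b"constructed placeholder, not a real keystore")
        props = parse_properties(
            "# constructed sample configuration\n"
            "davmail.ssl.keystoreType=PKCS12\n"
            f"davmail.ssl.keystoreFile={keystore}\n"
        )
        results = []
        for mode in (0o644, 0o640):  # o+r as in the report, then group-only
            os.chmod(keystore, mode)
            results.append(audit_keystore(props)[1:])
        return results


if __name__ == "__main__":
    for mode, exposed in demo():
        print(f"{mode:04o}", "world-readable" if exposed else "not world-readable")
```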