On Wed, Oct 08, 2003 at 12:37:53AM +0300, Petri Riihikallio wrote: > [Tue Oct 07 09:30:30 2003] [error] [client a.b.c.d] setgid: Operation > not permitted, referer: > http://mail.example.com/cgi-bin/sqwebmail?noframes=1 > > That happened, when I changed the owner:group of sqwebmail to > vmail:vmail. Courier-IMAP is running as vmail just fine. Then I > changed the owner:group back to root:wheel and everything went back > to normal. That's when I started investigating this.
I presume you maintained the setuid bit on the sqwebmail binary after changing the ownership? The above error is likely to happen when sqwebmail is setuid to user A, but the database says that the userid is B (or setgid to group X, but the database says the account is gid Y) If the binary is running as group X then a call to setgid(X) will succeed, but a call to setgid(Y) will fail. As long as the database says the account belongs to vmail:vmail then it should be OK. Regards, Brian.
