Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 115636 - /var/imapd created as 750, should be 755
Summary: /var/imapd created as 750, should be 755
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Net-Mail Packages
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-15 03:11 UTC by Paul Oldham
Modified: 2005-12-26 02:53 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Oldham 2005-12-15 03:11:47 UTC 
I'm assuming it's this package that is creating /var/imapd and setting its 
permissions. It sets /var/imapd to 750 cyrus:mail. The problem is that some 
processes which are neither UID cyrus or GID mail need access to some files 
below this directory (as is clear from their permissions).

The example I ran into is the socket used by postfix to talk to cyrus via LMTP. 
By default in both packages it's /var/imap/socket/lmtp and the permissions of 
the socket are fine, however because /var/imap is 750 cyrus:mail and postfix 
runs with its own UID/GID it can access the socket. The solution is simple once 
you work it out, set /var/imap to 755. But it took me a while and I'm wondering 
why this isn't the default ...

is that postfix runs

Reproducible: Always
Steps to Reproduce:
Link postfix to cyrus by setting this in /etc/postfix/main.cf
  mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

and this in /etc/cyrus.conf
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

Then try to send mail.
Actual Results:  
The mail won't get delivered and the log will show
 (connect to /var/imap/socket/lmtp[/var/imap/socket/lmtp]: Permission denied)


Expected Results:  
Delivered the mail

Portage 2.0.51.22-r3 (default-linux/x86/2005.1, gcc-3.4.4, glibc-2.3.5-r2, 2.6.
14-gentoo-r2 i686)
=================================================================
System uname: 2.6.14-gentoo-r2 i686 AMD Sempron(tm) Processor 2600+
Gentoo Base System version 1.6.13
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.11
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.20
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=athlon-xp -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/
config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-Os -march=athlon-xp -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.bytemark.co.uk/gentoo-distfiles"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://mirror.bytemark.co.uk/gentoo"
USE="x86 apache2 apm arts avi berkdb bitmap-fonts bzip2 crypt cups eds emboss 
encode expat foomaticdb fortran gdbm gif gpm gstreamer gtk2 imlib ipv6 jpeg ldap 
libg++ libwww mad mhash mikmod motif mp3 mpeg mysql ncurses nls ogg oggvorbis 
opengl oss pam pcre pdflib perl png python quicktime readline sdl spell ssl tcpd 
truetype-fonts type1-fonts udev vorbis xml2 xmms xv zlib userland_GNU 
kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, 
PORTDIR_OVERLAY
Comment 1 Paul Oldham 2005-12-15 03:14:55 UTC 
(In reply to comment #0)
> [...] however because /var/imap is 750 cyrus:mail and postfix 
> runs with its own UID/GID it can access the socket.[...]
                                ^
                                |
This should of course read "can't". Sigh. More caffeine Igor.
Comment 2 Paul Oldham 2005-12-26 02:53:40 UTC 
I'm no longer convinced that emerge was responsible for this so I'm marking this bug invalid.