Bug 37272

Summary: Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb
Product: [Retired] Red Hat Linux Reporter: Jason Kirtland <jek>
Component: sendmailAssignee: Florian La Roche <laroche>
Status: CLOSED RAWHIDE QA Contact: David Lawrence <dkl>
Severity: high Docs Contact:
Priority: medium    
Version: 7.1CC: josborne, rm0
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-04-24 17:21:37 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jason Kirtland 2001-04-23 21:02:21 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)


Cyrus IMAP (from Powertools) wants an /etc/sasldb owned and readable by 
user 'cyrus', with group 'mail'.  Sendmail will see that it is owned by 
cyrus and complain:
  safesasl(/etc/sasldb) error: Permission denied.
Turning on the group 'mail' read bit gets:
  safesasl(/etc/sasldb) failed: Group readable file.
There is a sendmail option to quelch this, the DONT_BLAME_SENDMAIL flag 
`GroupReadableSaslFile'.  Unfortunately you've got to have support for 
this compiled in with _FFR_UNSAFE_SASL. RedHat sendmail does not.

Reproducible: Always
Steps to Reproduce:
1.  Install Cyrus IMAP or ACAP, etc.
2.  Setup your sasldb users
3.  Fire up sendmail
Comment 1 Jason Kirtland 2001-04-23 21:44:36 UTC 
Ok, I managed to mangle the SRPM to use the UNSAFE_SASL option.  But it still
refuses to read the sasldb, claiming "permission denied".  The process is
running as root!
Comment 2 Need Real Name 2001-04-24 17:04:28 UTC 
Try changing ownership of /etc/sasldb to cyrus.root, that worked for me on 7.0.
Comment 3 Jason Kirtland 2001-04-24 17:21:32 UTC 
That works for me too, but only after rebuilding to allow the group readable sasldb.
Comment 4 Florian La Roche 2002-03-10 07:58:24 UTC 
Please let me know if something should still be changed in sendmail. Current
support looks ok to me.

Thanks,

Florian La Roche