Bug 1347332 - Permission adjustments required for encryption support
Summary: Permission adjustments required for encryption support
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: roundcubemail
Version: 23
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Gwyn Ciesla
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1360510
TreeView+ depends on / blocked
 
Reported: 2016-06-16 14:13 UTC by Michael Cronenworth
Modified: 2016-08-09 21:23 UTC (History)
6 users (show)

Fixed In Version: roundcubemail-1.2.1-3.fc24 roundcubemail-1.2.1-3.fc23
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-08-09 18:19:30 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Michael Cronenworth 2016-06-16 14:13:05 UTC 
Description of problem: Roundcubemail 1.2 introduced GPG encryption/signing support. In order for it to function a few changes to permissions are required.

chown apache /usr/share/roundcubemail/plugins/enigma/home
chcon system_u:object_r:httpd_user_content_t:s0 /usr/share/roundcubemail/plugins/enigma/home
setsebool -P httpd_setrlimit 1

The setsebool option should probably go in a README and require the user to perform it.
Comment 1 Remi Collet 2016-07-27 05:01:55 UTC 
Make /usr/ writable seems a terribly bad idea.

Having a quick look at source, we can redirect this directory.

Can you check something like

$config['enigma_pgp_homedir'] = '/var/lib/roundcubemail-enigma';

If it works, we can add this in the package, with value set in defaults.inc.php
Comment 2 Remi Collet 2016-07-31 16:58:09 UTC 
Fixed by http://pkgs.fedoraproject.org/cgit/rpms/roundcubemail.git/commit/?id=56ffb447bb02774369ec8fb0abf65ad44fd6276b
Comment 3 Remi Collet 2016-07-31 17:20:29 UTC 
Better fix: http://pkgs.fedoraproject.org/cgit/rpms/roundcubemail.git/commit/?id=15e66d05548b13a1b47a08f526ada394b8bd6b41

- use /var/lib/roundcubemail/temp for temporary filesHEADmasterf25f24f23
- use /var/lib/roundcubemail/enigma for GPG keys storage

Having a single tree will allow to work with current SElinux policy.
Comment 4 Fedora Update System 2016-07-31 17:22:27 UTC 
roundcubemail-1.2.1-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-482ac3abc1
Comment 5 Fedora Update System 2016-07-31 17:22:31 UTC 
roundcubemail-1.2.1-3.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-1e45a16cf2
Comment 6 Fedora Update System 2016-08-01 20:54:10 UTC 
roundcubemail-1.2.1-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-482ac3abc1
Comment 7 Fedora Update System 2016-08-01 20:57:23 UTC 
roundcubemail-1.2.1-3.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-1e45a16cf2
Comment 8 Fedora Update System 2016-08-09 18:19:27 UTC 
roundcubemail-1.2.1-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2016-08-09 21:23:20 UTC 
roundcubemail-1.2.1-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.