Red Hat Bugzilla – Bug 153689
cyradm fails to delete mailboxes (selinux/pam_selinux)
Last modified: 2008-02-07 02:43:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Red Hat/1.0.1-1.4.3
Description of problem:
To delete a cyrus mailbox, the procedure is normally thus:
su - cyrus
However, under FC3 I receive the following:
em (\HasNoChildren) user/feebz/Sent (\HasNoChildren)
feebz (\HasNoChildren) user/feebz/Trash (\HasNoChildren)
robk (\HasNoChildren) user/robk (\HasChildren)
user.em (\HasNoChildren) user/robk/Drafts (\HasNoChildren)
user/em (\HasNoChildren) user/robk/Junk (\HasNoChildren)
user/feebz (\HasChildren) user/robk/Sent (\HasNoChildren)
user/feebz/Drafts (\HasNoChildren) user/robk/Trash (\HasNoChildren)
localhost.localdomain> dm em
deletemailbox: Permission denied
A look at messages reveals:
Apr 5 11:19:58 pants su(pam_unix): session opened for user cyrus by robk(uid=500)
Apr 5 11:19:58 pants su: Warning! Could not relabel /dev/pts/0 with user_u:object_r:devpts_t, not relabeling.Operation not permitted
Apr 5 11:20:03 pants perl: No worthy mechs found
Apr 5 11:20:12 pants su(pam_unix): session closed for user cyrus
Problem seems to be the same as http://lists.centos.org/pipermail/centos/2005-March/003537.html
Not sure if this is a selinux-policy targeted, cyrus-imapd or pam_selinux bug, please feel free to move as appropriate.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. su - cyrus
2. cyradm, dm foo
3. no soup for you
Actual Results: Mailbox not removed, permission denied on cyradm console
Expected Results: Mailbox manipulation should proceed as expected.
The admin user never has delete privileges by default. In order to delete a
mailbox, you must add "create" permission to the admin user (cyrus).
sam user.<username> cyrus c
It's in the documentation.
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
Fedora Core 3 is not maintained anymore.
Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.