153689 – cyradm fails to delete mailboxes (selinux/pam_selinux)

Bug 153689 - cyradm fails to delete mailboxes (selinux/pam_selinux)

Summary: cyradm fails to delete mailboxes (selinux/pam_selinux)

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	cyrus-imapd
Sub Component:
Version:	3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Petr Rockai
QA Contact:	Brian Brock
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2005-04-05 01:27 UTC by Rob Kearey
Modified:	2008-02-07 07:43 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2008-02-07 07:43:02 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Rob Kearey 2005-04-05 01:27:54 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Red Hat/1.0.1-1.4.3

Description of problem:
To delete a cyrus mailbox, the procedure is normally thus:

su - cyrus
cyradm
connect localhost
dm foo/bar

However, under FC3 I recieve the following:

localhost.localdomain> lm
em (\HasNoChildren)                 user/feebz/Sent (\HasNoChildren)
feebz (\HasNoChildren)              user/feebz/Trash (\HasNoChildren)
robk (\HasNoChildren)               user/robk (\HasChildren)
user.em (\HasNoChildren)            user/robk/Drafts (\HasNoChildren)
user/em (\HasNoChildren)            user/robk/Junk (\HasNoChildren)
user/feebz (\HasChildren)           user/robk/Sent (\HasNoChildren)
user/feebz/Drafts (\HasNoChildren)  user/robk/Trash (\HasNoChildren)
localhost.localdomain> dm em
deletemailbox: Permission denied

Look at messages reveals:
Apr  5 11:19:58 pants su(pam_unix)[8468]: session opened for user cyrus by robk(uid=500)
Apr  5 11:19:58 pants su[8468]: Warning!  Could not relabel /dev/pts/0 with user_u:object_r:devpts_t, not relabeling.Operation not permitted
Apr  5 11:20:03 pants perl: No worthy mechs found
Apr  5 11:20:12 pants su(pam_unix)[8468]: session closed for user cyrus

Problem seems to be the same as http://lists.centos.org/pipermail/centos/2005-March/003537.html 

Not sure if this is a selinux-policy targeted, cyrus-imapd or pam_selinux bug, please feel free to move as appropriate.



Version-Release number of selected component (if applicable):
cyrus-imapd-2.2.10-3.fc3

How reproducible:
Always

Steps to Reproduce:
1. su - cyrus
2. cyradm, dm foo
3. no soup for you
  

Actual Results:  Mailbox not removed, permission denied on cyradm console

Expected Results:  Mailbox manipulation should proceed as expected.

Additional info:

Comment 1 Brian Beaudoin 2005-06-21 04:19:00 UTC

The admin user never has delete privileges by default.  In order to delete a
mailbox, you must add "create" permission to the admin user (cyrus).

     sam user.<username> cyrus c
     dm user.<username>

It's in the documentation.

Comment 2 Matthew Miller 2006-07-10 22:01:44 UTC

Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Comment 3 petrosyan 2008-02-07 07:43:02 UTC

Fedora Core 3 is not maintained anymore.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.

Note You need to log in before you can comment on or make changes to this bug.