Bug 153689 - cyradm fails to delete mailboxes (selinux/pam_selinux)
cyradm fails to delete mailboxes (selinux/pam_selinux)
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: cyrus-imapd (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Petr Rockai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-04-04 21:27 EDT by Rob Kearey
Modified: 2008-02-07 02:43 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-02-07 02:43:02 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Rob Kearey 2005-04-04 21:27:54 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1 Red Hat/1.0.1-1.4.3

Description of problem:
To delete a cyrus mailbox, the procedure is normally thus:

su - cyrus
cyradm
connect localhost
dm foo/bar

However, under FC3 I recieve the following:

localhost.localdomain> lm
em (\HasNoChildren)                 user/feebz/Sent (\HasNoChildren)
feebz (\HasNoChildren)              user/feebz/Trash (\HasNoChildren)
robk (\HasNoChildren)               user/robk (\HasChildren)
user.em (\HasNoChildren)            user/robk/Drafts (\HasNoChildren)
user/em (\HasNoChildren)            user/robk/Junk (\HasNoChildren)
user/feebz (\HasChildren)           user/robk/Sent (\HasNoChildren)
user/feebz/Drafts (\HasNoChildren)  user/robk/Trash (\HasNoChildren)
localhost.localdomain> dm em
deletemailbox: Permission denied

Look at messages reveals:
Apr  5 11:19:58 pants su(pam_unix)[8468]: session opened for user cyrus by robk(uid=500)
Apr  5 11:19:58 pants su[8468]: Warning!  Could not relabel /dev/pts/0 with user_u:object_r:devpts_t, not relabeling.Operation not permitted
Apr  5 11:20:03 pants perl: No worthy mechs found
Apr  5 11:20:12 pants su(pam_unix)[8468]: session closed for user cyrus

Problem seems to be the same as http://lists.centos.org/pipermail/centos/2005-March/003537.html 

Not sure if this is a selinux-policy targeted, cyrus-imapd or pam_selinux bug, please feel free to move as appropriate.



Version-Release number of selected component (if applicable):
cyrus-imapd-2.2.10-3.fc3

How reproducible:
Always

Steps to Reproduce:
1. su - cyrus
2. cyradm, dm foo
3. no soup for you
  

Actual Results:  Mailbox not removed, permission denied on cyradm console

Expected Results:  Mailbox manipulation should proceed as expected.

Additional info:
Comment 1 Brian Beaudoin 2005-06-21 00:19:00 EDT
The admin user never has delete privileges by default.  In order to delete a
mailbox, you must add "create" permission to the admin user (cyrus).

     sam user.<username> cyrus c
     dm user.<username>

It's in the documentation.
Comment 2 Matthew Miller 2006-07-10 18:01:44 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 3 petrosyan 2008-02-07 02:43:02 EST
Fedora Core 3 is not maintained anymore.

Setting status to "INSUFFICIENT_DATA". If you can reproduce this bug in the
current Fedora release, please reopen this bug and assign it to the
corresponding Fedora version.

Note You need to log in before you can comment on or make changes to this bug.