Bug 37272 - Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb
Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: sendmail (Show other bugs)
7.1
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Florian La Roche
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-04-23 17:02 EDT by Jason Kirtland
Modified: 2007-04-18 12:32 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-04-24 13:21:37 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jason Kirtland 2001-04-23 17:02:21 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)


Cyrus IMAP (from Powertools) wants an /etc/sasldb owned and readable by 
user 'cyrus', with group 'mail'.  Sendmail will see that it is owned by 
cyrus and complain:
  safesasl(/etc/sasldb) error: Permission denied.
Turning on the group 'mail' read bit gets:
  safesasl(/etc/sasldb) failed: Group readable file.
There is a sendmail option to quelch this, the DONT_BLAME_SENDMAIL flag 
`GroupReadableSaslFile'.  Unfortunately you've got to have support for 
this compiled in with _FFR_UNSAFE_SASL. RedHat sendmail does not.

Reproducible: Always
Steps to Reproduce:
1.  Install Cyrus IMAP or ACAP, etc.
2.  Setup your sasldb users
3.  Fire up sendmail
Comment 1 Jason Kirtland 2001-04-23 17:44:36 EDT
Ok, I managed to mangle the SRPM to use the UNSAFE_SASL option.  But it still
refuses to read the sasldb, claiming "permission denied".  The process is
running as root!

Comment 2 Need Real Name 2001-04-24 13:04:28 EDT
Try changing ownership of /etc/sasldb to cyrus.root, that worked for me on 7.0.
Comment 3 Jason Kirtland 2001-04-24 13:21:32 EDT
That works for me too, but only after rebuilding to allow the group readable sasldb.
Comment 4 Florian La Roche 2002-03-10 02:58:24 EST
Please let me know if something should still be changed in sendmail. Current
support looks ok to me.

Thanks,

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.