37272 – Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb

Bug 37272 - Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb

Summary: Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb

Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	sendmail
Sub Component:	(Show other bugs)
Version:	7.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	high
Target Milestone:	---
Assignee:	Florian La Roche
QA Contact:	David Lawrence
Docs Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-04-23 21:02 UTC by Jason Kirtland
Modified:	2007-04-18 16:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2001-04-24 17:21:37 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jason Kirtland 2001-04-23 21:02:21 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)


Cyrus IMAP (from Powertools) wants an /etc/sasldb owned and readable by 
user 'cyrus', with group 'mail'.  Sendmail will see that it is owned by 
cyrus and complain:
  safesasl(/etc/sasldb) error: Permission denied.
Turning on the group 'mail' read bit gets:
  safesasl(/etc/sasldb) failed: Group readable file.
There is a sendmail option to quelch this, the DONT_BLAME_SENDMAIL flag 
`GroupReadableSaslFile'.  Unfortunately you've got to have support for 
this compiled in with _FFR_UNSAFE_SASL. RedHat sendmail does not.

Reproducible: Always
Steps to Reproduce:
1.  Install Cyrus IMAP or ACAP, etc.
2.  Setup your sasldb users
3.  Fire up sendmail

Comment 1 Jason Kirtland 2001-04-23 21:44:36 UTC

Ok, I managed to mangle the SRPM to use the UNSAFE_SASL option.  But it still
refuses to read the sasldb, claiming "permission denied".  The process is
running as root!

Comment 2 Need Real Name 2001-04-24 17:04:28 UTC

Try changing ownership of /etc/sasldb to cyrus.root, that worked for me on 7.0.

Comment 3 Jason Kirtland 2001-04-24 17:21:32 UTC

That works for me too, but only after rebuilding to allow the group readable sasldb.

Comment 4 Florian La Roche 2002-03-10 07:58:24 UTC

Please let me know if something should still be changed in sendmail. Current
support looks ok to me.

Thanks,

Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.