Bug 37272 - Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb
Summary: Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: sendmail   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Florian La Roche
QA Contact: David Lawrence
Depends On:
TreeView+ depends on / blocked
Reported: 2001-04-23 21:02 UTC by Jason Kirtland
Modified: 2007-04-18 16:32 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-24 17:21:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Jason Kirtland 2001-04-23 21:02:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

Cyrus IMAP (from Powertools) wants an /etc/sasldb owned and readable by 
user 'cyrus', with group 'mail'.  Sendmail will see that it is owned by 
cyrus and complain:
  safesasl(/etc/sasldb) error: Permission denied.
Turning on the group 'mail' read bit gets:
  safesasl(/etc/sasldb) failed: Group readable file.
There is a sendmail option to quelch this, the DONT_BLAME_SENDMAIL flag 
`GroupReadableSaslFile'.  Unfortunately you've got to have support for 
this compiled in with _FFR_UNSAFE_SASL. RedHat sendmail does not.

Reproducible: Always
Steps to Reproduce:
1.  Install Cyrus IMAP or ACAP, etc.
2.  Setup your sasldb users
3.  Fire up sendmail

Comment 1 Jason Kirtland 2001-04-23 21:44:36 UTC
Ok, I managed to mangle the SRPM to use the UNSAFE_SASL option.  But it still
refuses to read the sasldb, claiming "permission denied".  The process is
running as root!

Comment 2 Need Real Name 2001-04-24 17:04:28 UTC
Try changing ownership of /etc/sasldb to cyrus.root, that worked for me on 7.0.

Comment 3 Jason Kirtland 2001-04-24 17:21:32 UTC
That works for me too, but only after rebuilding to allow the group readable sasldb.

Comment 4 Florian La Roche 2002-03-10 07:58:24 UTC
Please let me know if something should still be changed in sendmail. Current
support looks ok to me.


Florian La Roche

Note You need to log in before you can comment on or make changes to this bug.