Red Hat Bugzilla – Bug 37272
Sendmail + SASL + Cyrus IMAP: bad permissions on /etc/sasldb
Last modified: 2007-04-18 12:32:48 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Cyrus IMAP (from Powertools) wants an /etc/sasldb owned and readable by
user 'cyrus', with group 'mail'. Sendmail will see that it is owned by
cyrus and complain:
safesasl(/etc/sasldb) error: Permission denied.
Turning on the group 'mail' read bit gets:
safesasl(/etc/sasldb) failed: Group readable file.
There is a sendmail option to quelch this, the DONT_BLAME_SENDMAIL flag
`GroupReadableSaslFile'. Unfortunately you've got to have support for
this compiled in with _FFR_UNSAFE_SASL. RedHat sendmail does not.
Steps to Reproduce:
1. Install Cyrus IMAP or ACAP, etc.
2. Setup your sasldb users
3. Fire up sendmail
Ok, I managed to mangle the SRPM to use the UNSAFE_SASL option. But it still
refuses to read the sasldb, claiming "permission denied". The process is
running as root!
Try changing ownership of /etc/sasldb to cyrus.root, that worked for me on 7.0.
That works for me too, but only after rebuilding to allow the group readable sasldb.
Please let me know if something should still be changed in sendmail. Current
support looks ok to me.
Florian La Roche