Re: "setuid(UID)" and "chmod 4550" misbehaving
Hi:
I know it's already pretty late to try to provide some hints on this
issue, but didn't like to miss the chance in case some other people
might hit same issue in the future.
Provided plugin for Squirrelmail + Cyrus + SASL uses, as per code, a call to saslpasswd2 binary. In fact, it's writing a Berkely DB file, usually /etc/sasldb2. Depending upon your configuration, by default:
XXX:/var/log/httpd # ls -l /etc/sasldb2
-rw-r--r-- 1 root root 45056 Oct 20 20:00 /etc/sasldb2
Well, with such permissons and ownership, cyrus will not be able to run saslpasswd2 successfully. cyrus user belongs in default installations to group mail, as well as root, but notice
root:root assign! This causes saslpasswd2 to fail. Try then:
XXX:/var/log/httpd # ls -l /etc/sasldb2
-rw-rw-r-- 1 root mail 45056 Oct 20 20:00 /etc/sasldb2
This has worked for me. But:
wwwrun@XXX:/XXX_DIR> ./chgsaslpasswd -p foo
oof
chgsaslpasswd: generic failure
It makes sense, right?
XXX:/XXX # usermod -G 12 wwwrun
XXX:/XXX # su wwwrun
wwwrun@XXX:/XXX> id
uid=30(wwwrun) gid=8(www) groups=8(www),12(mail)
wwwrun@XXX:/XXX> ./chgsaslpasswd -p foo
oof
, and it works! At least for me. Of course, it implies a risk for your system security. You could use sudo to try to reduce the impact.
Hope this might help anyone else.
P.D.: As a matter of fact, wwwrun's shell is set to /bin/false by default. Had to temporarily to "runnable" shell.
Reply to: