On Wed, Aug 25, 2021 at 04:14:51PM +0200, Philipp Ewald wrote:
i have upgrade my Debian 10 to 11 and notice that courier-authdeamon got problem with new permissions in /var/run/courier
This appears to be intentional and security-related.
See <http://bugs.debian.org/984810> and
<https://security-tracker.debian.org/tracker/CVE-2021-28374>.
Debian 11:
#Type Path Mode UID GID Age Argument
d /run/courier 0775 root courier - -
d /run/courier/authdaemon 0750 courier courier - -
But with this configuration authdaemon not working:
ERR: authdaemon: s_connect() failed: Permission denied
/usr/bin/maildrop: Temporary authentication failure.
status: deferred
Perhaps this should be considered a bug in maildrop, rather than in
courier-authdaemon. I'm not familiar with maildrop or what privileges
it requires. The package description says it runs setgid "mail", whereas
this authdaemon directory is only accessible to group "courier". But I
don't know how to fix it without breaking other things.