[Kolab-devel] [issue4367] Unable to set group permissions to shared folder

Alexander Gran issues at kolab.org
Wed May 5 21:38:36 CEST 2010


New submission from Alexander Gran <alexg at moduleworks.com>:

I don't manage to set group permissions to a shared folder.
I even did a purge and reinstall cycle to be sure it's no config issue...
I setup a shared folder testshared at mydomain and a distribution list 
testlist at mydomain.
kolabd write the list into /etc/imapd.group, but I don't manage to change the 
ACL. Both cyradm and kolab debug logs gives:
kolabd: Y Warning: Unable to set the ACL of user 
`group:testlist at moduleworks.com' in mailbox 
`shared.testshared at moduleworks.com' to lrsiwdap, Error = 
`group:testlist at moduleworks.com: lrsiwdap: Invalid identifier'


I like answering my own questions....

stripping the group: prefix works for cyradm. Stripping it from the ldap
database helps too. 
Digging deeper into the issue....
/usr/share/kolab/admin/sharedfolder/sf.php adds the "group: "prefix in line 99.
Chaning that file helps
However I found it strange to have the acl without group:
Digging even deeper, I had a look into the kolab patch to cyrus. This is all,
but not admin friendly:
+    groupfile = fopen("/etc/imapd.group", "r");
+    if (!groupfile) groupfile = fopen("/etc/group", "r");
ARGS: GUYS! If read access to your group database fails, you just went on and
use the system group file instead? Why not a simple log line.
I had to use
root at webmail:~# strace -f cyrmaster  2>&1 | grep /etc/imapd.group
[pid  6993] open("/etc/imapd.group", O_RDONLY) = -1 EACCES (Permission denied)
[pid  6993] open("/etc/imapd.group", O_RDONLY) = -1 EACCES (Permission denied)
[pid  6993] open("/etc/imapd.group", O_RDONLY) = 14
[pid  6993] open("/etc/imapd.group", O_RDONLY) = 14

To find out it boils down to a permission issue with /etc/imapd.group. The
template specifies 
TARGET=/etc/imapd.group
PERMISSIONS=0640
OWNERSHIP=root:root

but cyrus runs as user cyrus, so it cannot read that damn group file. Fixing the
permissions and voila: You get no EACCES any more, cyradm etc start working and
there is no need to patch the sf.php.

Took me quite some hours to figure out....am I right?

----------
messages: 25008
nosy: alexg
priority: bug
status: in-progress
title: Unable to set group permissions to shared folder

______________________________________
Kolab issue tracker <issues at kolab.org>
<https://issues.kolab.org/issue4367>
______________________________________




More information about the devel mailing list