[Kolab-devel] [issue4367] Unable to set group permissions to shared folder
Alexander Gran
issues at kolab.org
Wed May 5 21:38:36 CEST 2010
New submission from Alexander Gran <alexg at moduleworks.com>:
I don't manage to set group permissions to a shared folder.
I even did a purge and reinstall cycle to be sure it's no config issue...
I setup a shared folder testshared at mydomain and a distribution list
testlist at mydomain.
kolabd write the list into /etc/imapd.group, but I don't manage to change the
ACL. Both cyradm and kolab debug logs gives:
kolabd: Y Warning: Unable to set the ACL of user
`group:testlist at moduleworks.com' in mailbox
`shared.testshared at moduleworks.com' to lrsiwdap, Error =
`group:testlist at moduleworks.com: lrsiwdap: Invalid identifier'
I like answering my own questions....
stripping the group: prefix works for cyradm. Stripping it from the ldap
database helps too.
Digging deeper into the issue....
/usr/share/kolab/admin/sharedfolder/sf.php adds the "group: "prefix in line 99.
Chaning that file helps
However I found it strange to have the acl without group:
Digging even deeper, I had a look into the kolab patch to cyrus. This is all,
but not admin friendly:
+ groupfile = fopen("/etc/imapd.group", "r");
+ if (!groupfile) groupfile = fopen("/etc/group", "r");
ARGS: GUYS! If read access to your group database fails, you just went on and
use the system group file instead? Why not a simple log line.
I had to use
root at webmail:~# strace -f cyrmaster 2>&1 | grep /etc/imapd.group
[pid 6993] open("/etc/imapd.group", O_RDONLY) = -1 EACCES (Permission denied)
[pid 6993] open("/etc/imapd.group", O_RDONLY) = -1 EACCES (Permission denied)
[pid 6993] open("/etc/imapd.group", O_RDONLY) = 14
[pid 6993] open("/etc/imapd.group", O_RDONLY) = 14
To find out it boils down to a permission issue with /etc/imapd.group. The
template specifies
TARGET=/etc/imapd.group
PERMISSIONS=0640
OWNERSHIP=root:root
but cyrus runs as user cyrus, so it cannot read that damn group file. Fixing the
permissions and voila: You get no EACCES any more, cyradm etc start working and
there is no need to patch the sf.php.
Took me quite some hours to figure out....am I right?
----------
messages: 25008
nosy: alexg
priority: bug
status: in-progress
title: Unable to set group permissions to shared folder
______________________________________
Kolab issue tracker <issues at kolab.org>
<https://issues.kolab.org/issue4367>
______________________________________
More information about the devel
mailing list