Unable to set group permissions to shared folder

Alexander Gran alexg at moduleworks.com
Wed May 5 21:36:31 CEST 2010


Hi again,

I like answering my own questions....

> kolabd: Y Warning: Unable to set the ACL of user
> `group:testlist at moduleworks.com' in mailbox
> `shared.testshared at moduleworks.com' to lrsiwdap, Error =
> `group:testlist at moduleworks.com: lrsiwdap: Invalid identifier'

stripping the group: prefix works for cyradm. Stripping it from the ldap 
database helps too. 
Digging deeper into the issue....
/usr/share/kolab/admin/sharedfolder/sf.php adds the "group: "prefix in line 
99. Chaning that file helps
However I found it strange to have the acl without group:
Digging even deeper, I had a look into the kolab patch to cyrus. This is all, 
but not admin friendly:
+    groupfile = fopen("/etc/imapd.group", "r");
+    if (!groupfile) groupfile = fopen("/etc/group", "r");
ARGS: GUYS! If read access to your group database fails, you just went on and 
use the system group file instead? Why not a simple log line.
I had to use
root at webmail:~# strace -f cyrmaster  2>&1 | grep /etc/imapd.group
[pid  6993] open("/etc/imapd.group", O_RDONLY) = -1 EACCES (Permission denied)
[pid  6993] open("/etc/imapd.group", O_RDONLY) = -1 EACCES (Permission denied)
[pid  6993] open("/etc/imapd.group", O_RDONLY) = 14
[pid  6993] open("/etc/imapd.group", O_RDONLY) = 14

To find out it boils down to a permission issue with /etc/imapd.group. The 
template specifies 
TARGET=/etc/imapd.group
PERMISSIONS=0640
OWNERSHIP=root:root

but cyrus runs as user cyrus, so it cannot read that damn group file. Fixing 
the permissions and voila: You get no EACCES any more, cyradm etc start 
working and there is no need to patch the sf.php.

Took me quite some hours to figure out....

I'll open a issue and post this email there
https://issues.kolab.org/issue4367

regards
Alex

-- 

Dipl. Inform. Alexander Gran, MBA
alexg at moduleworks.com
http://www.moduleworks.com
SkypeID: mw_alexg
M: +49(0)163/5598933  

ModuleWorks GmbH
Ritterstraße 12a
52072 Aachen
HRB 11871
Amtsgericht Aachen
Geschäftsführer Yavuz Murtezaoglu

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information.
If you have received it in error, please notify the sender immediately
and delete the original.
Any other use of the email by you is prohibited.




More information about the users mailing list