Re: [exim] strange dsearch issue

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MRafał Kupka at <-
M 
Delete this message
Reply to this message
Author: Dave Howe
Date:  
To: exim-users
Subject: Re: [exim] strange dsearch issue
On 5 May 2011 12:52, Rafał Kupka <rkupka+Listy.Exim@???> wrote:

Thanks for the response - comments inline.

On Wed, May 04, 2011 at 06:56:47PM +0100, Dave Howe wrote:
> Hi,
>
> > Recently upgraded exim using apt-get, and now suddenly I am getting an
> > error where there wasn't one before.
>
> Exim has had some security changes lately. Previous versions probably do
> dsearch lookups from uid 0 (just guessing).
>

I suspected something like that. Given there are no shell-capable users on
this box other than me (its a webserver and mail host) is there any way to
get that back? (not that I need it now, but I might need this to be able to
write to user dirs at some point in the future)

> I am using dsearch in the usual vhost thing to distribute mail for
> different domains into different mailboxes, using a subdir
> /etc/exim4/domain-db and one file per domain.
>
> As of the update, I am now getting:
>
> 18:39:56 9117 failed to open /etc/exim4/domain-db for directory search:
> Permission denied (euid=110 egid=117)

> checked that apparmour hasn't reared its ugly head again (it hasn't) and
the
> permissions look ok (rw_r__r__ for root:Debian-exim where Debian-exim has

Directory /etc/exim4/domain-db has permissions rw_r__r__?
> Try chmod a+x /etc/exim4/domain-db, search operation need +x permission.
>

tried 777 on it earlier, and it didn't help - rw_r__r__ is what it was when
I set it up.
just ran chmod on it and it is now drwxr-xr-x but still no joy.

2011-05-05 16:53:11 failed to open /etc/exim4/domain-db for directory
search: Pe
rmission denied (euid=110 egid=117)


> > the aforementioned uid and gid numbers). I can su - to Debian-exim and
> see
> > those files/dir just fine.
>
> Weird, could you run 'id' command after su - Debian-exim?
>

110/117/117

however, I suddenly noticed that ls -l /etc/exim4/domain-db was giving back
question marks in place of mode and size information (I hadn't tried -l as
Debian-exim previously) and was also doing so for /etc/exim4

turned out that /etc/exim4 was owned by bin:bin and not anything sane;
chowning it to root:Debian-exim resolved the issue, so thanks very much for
the help - it got me looking at the right things at least :)
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Modifying message footer[exim] Exim 4.76 RC1 uploaded - SECURITY->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)