On 5 May 2011 12:52, Rafał Kupka <rkupka+Listy.Exim@???> wrote:
Thanks for the response - comments inline.
On Wed, May 04, 2011 at 06:56:47PM +0100, Dave Howe wrote: > Hi,
>
> > Recently upgraded exim using apt-get, and now suddenly I am getting an
> > error where there wasn't one before.
>
> Exim has had some security changes lately. Previous versions probably do
> dsearch lookups from uid 0 (just guessing).
>
I suspected something like that. Given there are no shell-capable users on
this box other than me (its a webserver and mail host) is there any way to
get that back? (not that I need it now, but I might need this to be able to
write to user dirs at some point in the future)
> I am using dsearch in the usual vhost thing to distribute mail for
> different domains into different mailboxes, using a subdir
> /etc/exim4/domain-db and one file per domain.
>
> As of the update, I am now getting:
>
> 18:39:56 9117 failed to open /etc/exim4/domain-db for directory search:
> Permission denied (euid=110 egid=117) > checked that apparmour hasn't reared its ugly head again (it hasn't) and the > permissions look ok (rw_r__r__ for root:Debian-exim where Debian-exim has
Directory /etc/exim4/domain-db has permissions rw_r__r__? > Try chmod a+x /etc/exim4/domain-db, search operation need +x permission.
>
tried 777 on it earlier, and it didn't help - rw_r__r__ is what it was when
I set it up.
just ran chmod on it and it is now drwxr-xr-x but still no joy.
2011-05-05 16:53:11 failed to open /etc/exim4/domain-db for directory
search: Pe
rmission denied (euid=110 egid=117)
> > the aforementioned uid and gid numbers). I can su - to Debian-exim and
> see
> > those files/dir just fine.
>
> Weird, could you run 'id' command after su - Debian-exim?
>
110/117/117
however, I suddenly noticed that ls -l /etc/exim4/domain-db was giving back
question marks in place of mode and size information (I hadn't tried -l as
Debian-exim previously) and was also doing so for /etc/exim4
turned out that /etc/exim4 was owned by bin:bin and not anything sane;
chowning it to root:Debian-exim resolved the issue, so thanks very much for
the help - it got me looking at the right things at least :)
