dovecot - Oct 2010 - Dovecot chgrp actions on new files/folders

Timo,

I did further study of the user/group permissions.  Applying the below
patch will make no difference to virtually everyone out there.  Those
that have default uid/gid ownership won't see any change as the gid
already matches so the fchown() action won't be attempted.  Those that
have sgid will still see the normal expected fchown() enforced by the
kernel which becomes a duplicated action by dovecot.  In the last case,
those with an unknown 3rd party gid were used to seeing fchown()
failures and those will now go away.  It is only this third group that
will see anything change as all other cases are already handled.  Anyone
who wishes to create new files with another group ID should make their
directories sgid or stgid as per normal filesystem ACL semantics.  The
original net effect of this only turns on an fchown() that will fail and
emit numerous error messages.  This patch fixes that.  Technically the
fchown is unneccessary extra code already since any directory that is
sgid or stgid will have ownership enforced by the kernel already.

I simply made it #if 0 below, the correct patch would be to delete the
extraneous block.

--- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400
+++ src/lib-storage/mailbox-list.c      2010-10-08 13:02:54.000000000 -0400
@@ -450,7 +450,7 @@
                } 

                if (S_ISDIR(st.st_mode) && (st.st_mode & S_ISGID) !=
0) {
-                       /* directory's GID is used automatically for new
+                       /* directory is sgid, so GID is used
automatically for new
                           files */
                        *gid_r = (gid_t)-1;
                } else if ((st.st_mode & 0070) >> 3 == (st.st_mode
&
0007)) {
@@ -460,9 +460,13 @@
                } else if (getegid() == st.st_gid) {
                        /* using our own gid, no need to change it */
                        *gid_r = (gid_t)-1;
-               } else {
+               }
+#if 0
+#warning this code makes dovecot attempt to chgrp files to wrong
ownership 
+               else {
                        *gid_r = st.st_gid;
                }
+#endif
        }

        if (name == NULL) {

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 14.10.2010 19:49, David Ford a ?crit :
>  Timo,
> 
> I did further study of the user/group permissions.  Applying the below
> patch will make no difference to virtually everyone out there.  Those
> that have default uid/gid ownership won't see any change as the gid
> already matches so the fchown() action won't be attempted.  Those that
> have sgid will still see the normal expected fchown() enforced by the
> kernel which becomes a duplicated action by dovecot.  In the last case,
> those with an unknown 3rd party gid were used to seeing fchown()
> failures and those will now go away.  It is only this third group that
> will see anything change as all other cases are already handled.  Anyone
> who wishes to create new files with another group ID should make their
> directories sgid or stgid as per normal filesystem ACL semantics.  The
> original net effect of this only turns on an fchown() that will fail and
> emit numerous error messages.  This patch fixes that.  Technically the
> fchown is unneccessary extra code already since any directory that is
> sgid or stgid will have ownership enforced by the kernel already.
> 
> I simply made it #if 0 below, the correct patch would be to delete the
> extraneous block.
> 
> --- src/lib-storage/mailbox-list.c.orig 2010-09-14 11:03:18.000000000 -0400
> +++ src/lib-storage/mailbox-list.c      2010-10-08 13:02:54.000000000 -0400
> @@ -450,7 +450,7 @@
>                 } 
> 
>                 if (S_ISDIR(st.st_mode) && (st.st_mode &
S_ISGID) != 0) {
> -                       /* directory's GID is used automatically for
new
> +                       /* directory is sgid, so GID is used
> automatically for new
>                            files */
>                         *gid_r = (gid_t)-1;
>                 } else if ((st.st_mode & 0070) >> 3 ==
(st.st_mode &
> 0007)) {
> @@ -460,9 +460,13 @@
>                 } else if (getegid() == st.st_gid) {
>                         /* using our own gid, no need to change it */
>                         *gid_r = (gid_t)-1;
> -               } else {
> +               }
> +#if 0
> +#warning this code makes dovecot attempt to chgrp files to wrong
> ownership 
> +               else {
>                         *gid_r = st.st_gid;
>                 }
> +#endif
>         }
> 
>         if (name == NULL) {
> 


 Timo, I think this patch should be commiter


<anonymous>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iD8DBQFMt0O9tXI/OwkhZKcRAlyZAJ4qWsCEjknuckDNAgSXA6gRb+dFxgCgg1cw
ty1a2H9zif955FLuxMBNE3c=CKzb
-----END PGP SIGNATURE-----

On Thu, 2010-10-14 at 13:49 -0400, David Ford wrote:
> Timo,
> 
> I did further study of the user/group permissions.  Applying the below
> patch will make no difference to virtually everyone out there.
No, it breaks it for people using shared mailboxes without sgid in the
directories. There is no documentation that even suggests using sgid, so
I think it could break a lot of installations.
> Those
> that have default uid/gid ownership won't see any change as the gid
> already matches so the fchown() action won't be attempted.  Those that
> have sgid will still see the normal expected fchown() enforced by the
> kernel which becomes a duplicated action by dovecot.
If there is sgid bit set, Dovecot doesn't do a duplicate fchown()
anymore but trusts that kernel already preserved it.

I don't see a way to change this behavior anymore without annoying a lot
of people.