search for: setegid

...nly accessible "by group permission"; for example in the following (as I guess quite common) case: drwxr-x--- root mygroup 512 Apr 10 12:09 mygroup And my personal homedirectory would now be one level below: /home/mygroup/myhome So my question: is there a particular reason that setegid() and initgroups() are not used? Regards, -Luzian -- University of Zurich, Centre for Computing Services Luzian Scherrer <luzian.scherrer at zi.unizh.ch> Winterthurerstrasse 190, CH-8057 Zurich Tel: +41 1 63 56778 Fax: +41 1 63 54505 Office: Y11-F-76

...web190304.mail.sg3.yahoo.com> Jun 25 20:22:54 rolf14 postfix/qmgr[21172]: 90898E0190: from=<stephanie.otavy at live.com>, size=5291, nrcpt=1 (queue active) Jun 25 20:22:54 rolf14 postfix/smtpd[21674]: disconnect from localhost[127.0.0.1] Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: setegid(privileged) failed: Operation not permitted Jun 25 20:22:54 rolf14 dovecot: lda(rolf): Error: sieve: msgid=<1340648569.94073.YahooMailClassic at web190304.mail.sg3.yahoo.com>: failed to store into mailbox 'INBOX': BUG: Unknown internal error Jun 25 20:22:54 rolf14 dovecot: lda(rolf...

...%u: %.100s", (u_int) getegid(), strerror(errno)); /* Propagate the privileged uid to all of our uids. */ if (setuid(geteuid()) < 0) debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); #endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) fatal("setegid %u: %.100s", (u_int) pw->pw_gid, strerror(errno)); if (seteuid(pw->pw_uid) == -1) fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno)); ----...

...< 0) + debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); + /* Propagate the privileged uid to all of our uids. */ + if (setuid(geteuid()) < 0) + debug("setuid %u: %.100s", (u_int) geteuid(), strerror(errno)); +#endif /* SAVED_IDS_WORK_WITH_SETEUID */ if (setegid(pw->pw_gid) < 0) - fatal("setegid %u: %.100s", (u_int) pw->pw_gid, - strerror(errno)); - if (seteuid(pw->pw_uid) == -1) - fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, - strerror(errno)); + fatal("setegid %u: %.100s", (u_int) pw->p...

...allow creation of the dotlock files. >>>> >>>> When I configure postfix to deliver using dovecot-lda, I get logs that >>>> look >>>> like this: >>>> >>>> Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: >>>> setegid(privileged) failed: Operation not permitted >>>> Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=< >>>> 20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX: >>>> BUG: Unknown internal error >>>> >>>> In...

Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Effective uid=1003, gid=1003, home=/home/granitemon Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted so it's running as the normal user, and NOT with the mail group. I'm using exim with LMTP. LMTP is NOT a bad thing, and might make your life easier. It does allow you to add sieve scripting if you want to via pigeonhole. Sorry, I'm at a...

...9 clements -rw------- 1 granitemon mail 530 Nov 2 22:07 granitemon I've added mail_privileged_group = mail to allow creation of the dotlock files. When I configure postfix to deliver using dovecot-lda, I get logs that look like this: Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=< 20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX: BUG: Unknown internal error In order to isolate the error, I took postfix out of the equation, and called dovecot-l...

the stat() on which file? On Wed, Apr 04, 2001 at 02:06:56PM +0200, Jan Just Keijser wrote: > hmmm, I found the problem and managed to fix it, but I am not sure if this > isn't broken: > > using gdb, I found that sshd fails to stat the 'authorized_keys' files, > which was in /local/home/janjust/.ssh/authorized_keys. Here were the > permissions for the directories

...ndresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent getusershell glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop +for ac_func in arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmod...

...added >> mail_privileged_group = mail >> to allow creation of the dotlock files. >> >> When I configure postfix to deliver using dovecot-lda, I get logs that >> look >> like this: >> >> Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: >> setegid(privileged) failed: Operation not permitted >> Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=< >> 20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX: >> BUG: Unknown internal error >> >> In order to isolate the error, I took postf...

...gs showed an error of unable to set the appropriate GID from smbd/uid.c. (NT gave me the "incorrect user or password" dialog). The function that was failing was set_effective_gid in lib/util_sec.c. In that section there are four possible calls: some UID trapdoor call setresgid setregid setegid Which one is used is determined by #defines in include/config.h. For some reason the configure script set the trapdoor, the setregid, and the setegid (and the corresponding defs for uid calls) to 1 and did not declare only the one for setresgid. I commented the lines for the trapdoor UID def and...

...debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); --- 85,98 ---- if (setgroups(user_groupslen, user_groups) < 0) fatal("setgroups: %.100s", strerror(errno)); #endif /* !HAVE_CYWIN */ ! #ifdef SAVED_IDS_WORK_WITH_SETEUID ! if (setegid(pw->pw_gid) < 0) ! fatal("setegid %u: %.100s", (u_int) pw->pw_gid, ! strerror(errno)); ! if (seteuid(pw->pw_uid) == -1) ! fatal("seteuid %u: %.100s", (u_int) pw->pw_uid, ! strerror(errno)); ! #e...

...05 desmond dovecot: lda(granitemon): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= Nov 3 12:23:05 desmond dovecot: lda(granitemon): Debug: Destination address: granitemon at desmond.brinckerhoff.org (source: user at hostname) Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed: Operation not permitted Nov 3 12:23:05 desmond dovecot: lda(granitemon): msgid=< 20151103202305.88BE05FF39 at desmond.brinckerhoff.org>: save failed to INBOX: BUG: Unknown internal error Nov 3 12:23:05 desmond dovecot: lda(granitemon): Error: setegid(privileged) failed:...

...aved_egid = 0; #endif /* @@ -59,6 +60,27 @@ #endif /* SAVED_IDS_WORK_WITH_SETEUID */ } +void +temporarily_use_gid(gid_t gid) +{ +#ifdef SAVED_IDS_WORK_WITH_SETEUID + /* Save the current egid. */ + saved_egid = getegid(); + + /* Set the effective gid to the given (unprivileged) gid. */ + if (setegid(gid) == -1) + debug("setegid %u: %.100s", (u_int) gid, strerror(errno)); +#else /* SAVED_IDS_WORK_WITH_SETEUID */ + /* Propagate the privileged gid to all of our gids. */ + if (setgid(getegid()) < 0) + debug("setgid %u: %.100s", (u_int) getegid(), strerror(errno)); + + /* S...

...v 2 22:07 granitemon > > I've added > mail_privileged_group = mail > to allow creation of the dotlock files. > > When I configure postfix to deliver using dovecot-lda, I get logs that look > like this: > > Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: > setegid(privileged) failed: Operation not permitted > Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=< > 20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX: > BUG: Unknown internal error > > In order to isolate the error, I took postfix out of the equati...

...roup = mail >>> to allow creation of the dotlock files. >>> >>> When I configure postfix to deliver using dovecot-lda, I get logs that >>> look >>> like this: >>> >>> Nov 3 11:12:20 desmond dovecot: lda(granitemon): Error: >>> setegid(privileged) failed: Operation not permitted >>> Nov 3 11:12:20 desmond dovecot: lda(granitemon): msgid=< >>> 20151103181306.A4B5B5FF32 at desmond.XXXDOMAIN.org>: save failed to INBOX: >>> BUG: Unknown internal error >>> >>> In order to isolate the...

...ndresvport_sa clock fchown fchmod freeaddrinfo futimes gai_strerror getcwd getaddrinfo getgrouplist getnameinfo getrlimit getrusage getttyent getusershell glob inet_aton inet_ntoa inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp on_exit openpty realpath rresvport_af setdtablesize setenv setegid seteuid setlogin setproctitle setresgid setreuid setrlimit setsid sigaction sigvec snprintf strerror strlcat strlcpy strmode strsep strtok_r sysconf tcgetpgrp utimes vsnprintf vhangup vis waitpid _getpty __b64_ntop) +AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_sa clock fchown fchmo...

Aloha, I'm curious about the following code at line 203 in uidswap.c: /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); This causes permanently_set_uid to fail in the following case: $ su Password: ???????? # newgrp bin # ssh remotehost permanently_set_uid: was able to restore old [e]gid # Is this the desired behavior or should th...

...2 @@ permanently_set_uid(struct passwd *pw) fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #endif +#ifndef HAVE_CYGWIN /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); +#endif /* Verify GID drop was successful */ if (getgid() != pw->pw_gid || getegid() != pw->pw_gid) { -- Corinna Vinschen Cygwin Project Co-Leader Red Hat, Inc.

...er the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); My question is, should this change also be included in the setuid() call a few lines later? ... /* Try restoration of UID if changed (test clearing of saved uid) */ if (old_uid !=...