search for: setgid

https://bugzilla.samba.org/show_bug.cgi?id=13239 Bug ID: 13239 Summary: "rsync --times" does not keep dirs' setgid bits when user not member of setgid group Product: rsync Version: 3.1.2 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: core Assignee: wayned at samba....

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

...de at the same time. Did a lot of searching, put couldn't find an answer to this problem. All I can find is related to LDA, which I'm not using. Any help would be appreciated. Errors from the log: Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA)) Sep 28 00:03:24 mailserver dovecot: imap(userD)<17009><recJguF2NMpUU...

Somewhere between Samba 4.2.10 and 4.6.2 (came with CentOS 7 updates) the setgid bit is not inherited anymore when making directories via my Samba service. Everything else is still fine. With ssh direct on the file system or sftp, i get all permissions and acls inherited nicely. Also with Samba all acls are still just fine, except that setgid bit is not inherited (s on the...

http://bugzilla.mindrot.org/show_bug.cgi?id=136 Summary: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group Product: Portable OpenSSH Version: 3.0.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2...

...eased with the work you've done. I am contributing to some Open Source software hosted at Savannah https://savannah.nongnu.org/projects/tsp and we recently hit some sftp unexpected behavior: https://savannah.gnu.org/support/?105838 when using chmod sftp client command it appears that setuid / setgid bits are not handled on the server-side. that when I sftp> chmod 2775 afile I would expect afile to show: -rwxrwsr-x 1 openssh isgreat 0 2007-04-25 00:19 afile but I get: -rwxrwxr-x 1 openssh isgreat 0 2007-04-25 00:19 afile just as if I had typed: "chmod 775 afile &quo...

Hi all, I'm having trouble getting a new Postfix/Dovecot server up and running. I'm trying to run v1.0.3, using MySQL tables setup list postfix admin. This is a RHEL5 server. Getting this error tail /var/log/dovecot/dovecot-deliver.log deliver(none at example.com): Sep 04 19:44:15 Fatal: setgid(12) failed: Operation not permitted That 12 being my vmail user. I'm not exactly sure what's trying to setgid, nor how to fix it, any ideas would be appreciated. Dovecot -n is below protocols: imap imaps pop3 pop3s ssl_disable: yes disable_plaintext_auth: no login_dir: /usr/local/var/run...

Hello all, I'm trying to get the expire plugin working, but still having issues even with 1.1RC5. If I run the expire tool I get the following error: server:~# dovecot --exec-mail ext /usr/local/libexec/dovecot/expire-tool Fatal: setgid(100) failed with euid=2005, gid=0, egid=0: Operation not permitted Same thing with --test: server:~# dovecot --exec-mail ext /usr/local/libexec/dovecot/expire-tool --test Fatal: setgid(100) failed with euid=2005, gid=0, egid=0: Operation not permitted gid 100 = users, uid 2005 = helmut The us...

...is server as a PDC and so far everything is working quite alright. However, I have a problem with permissions of files I want to share. Mostly it is working well. Samba respects group memberships, including supplementary groups, ownership, etc. The only problem is that Samba is not honoring the setgid bit. When I create a file or directory in Windows, it belongs to the user who created it and the group they have as their primaryGroupID attribute, even though the directory has the setgid bit set. When I create the file using a shell command, the right group ownership is set. Does anyone know...

...cal/etc/dovecot/passwd file is in the following format userA:{SSHA}hashhhhhhhhh:1000:1000::/home/userA Authentication works, and mail gets delivered. But I'm still getting the same intermitted errors. Sep 28 00:03:24 mailserver dovecot: imap(userD)<14864><WT8DguF2MspUUoaT>: Fatal: setgid(1012(userD) from userdb lookup) failed with euid=1011(userA), gid=1011(userA), egid=1011(userA): Operation not permitted (This binary should probably be called with process group set to 1012(userD) instead of 1011(userA)) Also tried disabling the cache in 10-auth.conf, at no avail. I'm a bit...

...generating more security problems ). Lorenzo Delana | | On 02/02/2018 17:15, Dale Renton wrote: > > have you found a solution that makes "force directory mode = 2770" > able to apply to new created folders ? > > > We have noticed the same thing in CentOS 7. The setgid no longer works > like it did before, so now we create our shares like this following > the instructions from the wiki. > > https://wiki.samba.org/index.php/Setting_up_a_Share_Using_POSIX_ACLs > > > # chmod 700 /u01/test > # chown root:root /u01/test > # setfacl -m grou...

When copying locally as well as remotely inside a setgid dir, the option --times has the unwanted side effect of making the newly created directories not have the setgid bit set, but only when the user running rsync is not a member of the corresponding group. The extra option --omit-dir-times prevents the loss of the setgid bit in this case. Is this a...

version: rsync v2.6.1 (+ a minor, unrelated patch). I'm rsyncing files (not as root) and am happy (indeed, for what I want, delighted) that the files at the target side end up owned by the account doing the rsync. However, I've found that if I have a setuid/setgid file on the source side, the target file ends up setuid/setgid too (but under a different id!). This happens whether or not I specify the "-p" option. Am I missing something? What I would like to be able to do is to get the target files to have the source permissions *except* any...

...data. This file system has the perms 2770. I have set the following in the smb.conf: inherit permissions = yes inherit acls = yes I mount the filesystem from a linux, ubuntu, client and create a directory. The directory comes out with perms 0770. I can chmod 2770 the directory and it takes the setgid just fine. What am I missing, where, in order to have the setgid pass down to the new directories on the server properly? Robert - -- :wq! - --------------------------------------------------------------------------- Robert L. Harris | GPG Key ID: E344DA3B...

Hi Lorenzo and Dale, My setup is like Lorenzo's completely based on setgid being propagated. The filesystem should determine the group used starting at a certain directory. Different "root" directories have different groups, and security is based on groups, not users. I tried all sorts of settings combinations, alseo "force directory mode = 2770",...

Hi all Trying to setup dovecot with mysql and postfix, I have configured it as given below. thecot user has the dovecot group as primary, and is also a member of mail and dovecot-users. Still, it can't setgid to dovecot-users. I tried changing the shell for the dovecot user to something useful and chmod'ing a file to dovecot-users, and it work well. Still, no mail comes through and dovecot gives me this error deliver(roy at somedomain.com): 2009-05-23 15:02:52 Fatal: setgid(115) failed with...

Sorry if this is a nubbie question, but I?m getting: lda(jlbrown at bordo.com.au)<4444><QFg5KRHVBBxcEQAAYBwt+A>: Fatal: setgid(102 from userdb lookup) failed with euid=501(jlbrown), gid=20(staff), egid=20(staff): Operation not permitted (This binary should probably be called with process group set to 102 instead of 20(staff)) How can I fix this? (macOS Mojave, Dovecot 2.3.4) Thanks, James.

https://bugzilla.samba.org/show_bug.cgi?id=4138 Summary: Incoming chmod can't override inherited directory setgid Product: rsync Version: 2.6.9 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: hashproduct+rsync@gmail.com QACont...

...emp) that I want to be read/write for everybody. Using force user etc in smb.conf is not an option (afaik) because that only applies to a top level directory, and not to deeper directories, right..? (please do correct me if i'm wrong here already....) So, I tried linux filesystem permissions setgid and setuid to this directory (temp). This works for the setgid part, but appearently setuid only works on files, not on directories. Setgid is NOT good enough, because all files now are owned by user 'users', but still have read only permissions to 'users' group. SO... Is there a w...

https://bugzilla.mindrot.org/show_bug.cgi?id=1893 Summary: change ssh-keisign to setgid from setuid Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedB...