Mantis - saslauthd
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
2218 packaging feature always 2007-04-22 07:10 2013-07-09 15:57
Reporter: rmf Platform:  
Assigned To: yann OS:  
Priority: normal OS Version:  
Status: closed Product Version:  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version:  
Summary: 0002218: Problem with saslauthd permissions with some sendmail configurations.
Description: I\'m writing this up here, since it took me forever to find, and the same problem appeared in a google search against a blastwave version. The basic problem is described here:

  http://bugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=201826 [^]

This problem didn\'t happen until I started to use sendmail in the amavisd configuration. Possibly a note in the saslauthd.init might prevent someone else from going through the same detective work.
Steps To Reproduce:
Additional Information:
Relationships
Attached Files:
Issue History
Date Modified Username Field Change
2013-07-09 15:57 yann Note Added: 0010484
2013-07-09 15:57 yann Assigned To damjan => yann
2013-07-09 15:57 yann Status assigned => closed
2013-07-09 15:57 yann Resolution open => fixed

Notes
(0004613)
damjan   
2007-06-10 07:36   
Do you use stable on unstable version?

Unstable version creates that file with sasl group and adds rw permissions to the socket:
-bash-3.00$ ls -l /var/opt/csw
total 2
drwxrws--- 2 root sasl 512 Jun 10 19:32 saslauthd

Add account which needs authentication via saslauthd to the sasl group and then it should work.

If you use stable version, then please beware of the current issues in SASL before you upgrade. Update is pending.
(0004621)
rmf   
2007-06-11 15:49   
It is the unstable version. But sendmail isn\'t in the saslauthd group, and I\'m not sure if simply adding smmsp to the saslauthd group would work without putting code changes into sendmail anyway. In any case, you need to KNOW that you have to do this, which is my only point.
(0004641)
damjan   
2007-06-22 00:12   
I see. It is actually written in the README.sasl, but it is not clear enough:

- CSWsasl creates a group \'sasl\'. Any process which is not running as root,
  must belong to this group to perform authentiaction against SASLdb or via saslauthd.

I will clear it up in README.sasl for the next update.
(0004642)
rmf   
2007-06-22 09:42   
thanks. One of the reasons why it was perplexing was that sendmail, even in running as smmsp (ie, not root and not in group sasl), works fine. It\'s only when running the split configuration that amavisd wants where it breaks - one would naively think that you wouldn\'t have any permission problems once you get it working.
(0010484)
yann   
2013-07-09 15:57   
The new package 2.1.25,REV=2013.07.09 which will soon land in all mirrors in the unstable repository contains the reference to the sasl group in the README.CSW file, so I am closing this bug.