fix for DBERROR db4: PANIC: Permission denied

Iain Pople ipople at unimelb.edu.au
Wed Feb 22 18:11:21 EST 2006


Hi,

I've added this into bugzilla, but posting it here too for the benefit 
of those googling for a fix.

Some background:

Cyrus uses Berkeley DB for some of its internal databases. DB keeps a 
transaction log which from time to time needs to get rolled over and a 
new logfile is created. If the new logfile is created by a process 
running as root then the main cyrus processes will not be able to access 
it and the mail system will stop responding.

Most of the cyrus utilities check to see if they are running as the 
cyrus user and will exit with an error if they are not. Unfortunately 
mbpath does not have this check so it will happily run as root. If you 
are unlucky enough to run it when the transaction log needs to be rolled 
over then the new logfile will be owned by root.

This issue has been discussed at various times in the past on cyrus lists:

http://www.irbs.net/internet/info-cyrus/0501/0223.html
http://www.irbs.net/internet/info-cyrus/0410/0131.html

This has caused our mail system to die twice in the last week.

Here is a very simple patch to add the same sort of user check that the 
other command line utilities use:

--- mbpath.c.orig       2004-06-03 03:35:08.000000000 +1000
+++ mbpath.c    2006-02-22 12:39:38.596818000 +1100
@@ -96,6 +96,8 @@
    char *alt_config = NULL;
    char buf[MAX_MAILBOX_PATH+1];

+  if (geteuid() == 0) fatal("must run as the Cyrus user", EC_USAGE);
+
    while ((opt = getopt(argc, argv, "C:qs")) != EOF) {
      switch(opt) {
      case 'C': /* alt config file */
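
Review bot: The condition on the added line tests only geteuid() == 0, while the message it prints is "must run as the Cyrus user", so any other non-root account still gets past the check. If the goal is only to stop root from creating DB files, wording the message as "must not run as root" would match what is tested; if the goal is what the message says, compare the effective uid against the Cyrus account's uid instead. A one-line comment above the check saying why root is refused (root-owned DB log files) would also help the next reader.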


Link to bugzilla:

https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2803

-- 
Iain Pople
Systems Interface Technical Lead
University of Melbourne
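
A check for the failure described in the background above, added here as an example and not part of the original post or of Cyrus: it lists entries under a Berkeley DB directory that the service account does not own. The function names, the directory path and the account name in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: report files in a Cyrus Berkeley DB directory that the
# service account does not own (for instance a transaction log created
# by a utility that was run as root).

# Print every entry under DIR whose owner is not OWNER (name or numeric uid).
# Returns 2 if DIR does not exist, otherwise find's exit status.
list_foreign_owned() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    find "$dir" ! -user "$owner" -print
}

# Return 0 when everything under DIR belongs to OWNER, 1 when something
# does not, 2 when DIR could not be checked. Offending paths go to stderr.
check_db_ownership() {
    dir=$1
    owner=$2
    bad=$(list_foreign_owned "$dir" "$owner") || return 2
    if [ -n "$bad" ]; then
        printf 'not owned by %s:\n%s\n' "$owner" "$bad" >&2
        return 1
    fi
    return 0
}

# Stand-alone use with a constructed path and account name (assumptions):
#   sh check_db_owner.sh /var/imap/db cyrus
if [ "$#" -eq 2 ]; then
    check_db_ownership "$1" "$2"
    exit $?
fi
```

Run from cron or a monitoring probe, a non-zero exit status flags the wrong owner before the next log rollover leaves the server unable to open its databases.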

