fix for DBERROR db4: PANIC: Permission denied
Iain Pople
ipople at unimelb.edu.au
Wed Feb 22 18:11:21 EST 2006
Hi,
I've added this into bugzilla, but posting it here too for the benefit
of those googling for a fix.
Some background:
Cyrus uses berkeley DB for some if its internal databases. DB keeps a
transaction log which from time to time needs to get rolled over and a
new logfile is created. If the new logfile is created by a process
running as root then the main cyrus processes will not be able to access
it and the mail system will stop responding.
Most of the cyrus utilities check to see if they are running as the
cyrus user and will exit with an error if they are not. Unfortunately
mbpath does not have this check so it will happily run as root. If you
are unlucky enough to run it when the transaction log needs to be rolled
over then the new logfile will be owned by root.
This issue has been discussed at various times in the past on cyrus lists:
http://www.irbs.net/internet/info-cyrus/0501/0223.html
http://www.irbs.net/internet/info-cyrus/0410/0131.html
This has caused our mail system to die twice in the last week.
Here is a very simple patch to add the same sort of user check that the
other command line utilities use:
--- mbpath.c.orig 2004-06-03 03:35:08.000000000 +1000
+++ mbpath.c 2006-02-22 12:39:38.596818000 +1100
@@ -96,6 +96,8 @@
char *alt_config = NULL;
char buf[MAX_MAILBOX_PATH+1];
+ if (geteuid() == 0) fatal("must run as the Cyrus user", EC_USAGE);
+
while ((opt = getopt(argc, argv, "C:qs")) != EOF) {
switch(opt) {
case 'C': /* alt config file */
Link to bugzilla:
https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2803
--
Iain Pople
Systems Interface Technical Lead
University of Melbourne
More information about the Cyrus-devel
mailing list