group acl with winbind

Luca Olivetti luca at wetron.es
Wed Apr 8 03:14:07 EDT 2015


El 07/04/15 a les 18:10, Dan White ha escrit:
> On 04/07/15 17:50 +0200, Luca Olivetti wrote:
>> El 07/04/15 a les 17:31, Dan White ha escrit:
>>
>>>> localhost> sam m_sist group:m_sist lrw
>>>> setaclmailbox: group:m_sist: lrw: Invalid identifier
>>>> localhost>
>>>
>>> Could this be a permissions problem? Can the cyrus user successfully
>>> execute the getent command?
>>
>> Yes, it can
>>
>> $ sudo su -s /bin/bash cyrus
>> $ whoami
>> cyrus
>> $ getent group | grep m_sist
>> m_sist:x:674:ojeda,luca,calmet,rafa,oscar
> 
> I'm at a loss to explain that behavior. You may need to trace/debug
> to get to the bottom of it:
> 
> http://members.sange.fi/~atehwa/vc/packaging/cyrus-imapd/debian/README.Debian.debug

Thank you, that was useful (duh, why didn't I think of it?).
It turns out that the culprit was.....systemd (or better, the systemd
unit file provided by my distro).
Winbind uses a socket in /tmp/.winbindd but in the systemd unit file
there's a

PrivateTmp=true

which effectively hides the socket from cyrus.
Changing it to false solves the problem.

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es
Tel. +34 935883004  Fax +34 935883007


More information about the Info-cyrus mailing list