Date: Mon, 8 Sep 1997 14:18:30 -0700 (PDT) From: Tom <tom@sdf.com> To: Brian Somers <brian@awfulhak.org> Cc: freebsd-stable@freebsd.org Subject: Re: unix domain sockets in 2.2-stable Message-ID: <Pine.BSF.3.95q.970908141342.23740A-100000@misery.sdf.com> In-Reply-To: <199709082054.VAA04605@awfulhak.demon.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 8 Sep 1997, Brian Somers wrote:
> >
> > I use Cyrus for handling a local mail store. It uses a special pwcheck
> > daemon to check passwords as non-root users can't read the encrypted
> > password field. The Cyrus imap and pop servers talk to pwcheck on a unix
> > domain socket at /var/pwcheck/pwcheck
> >
> > This all worked well up to a 2.2-stable kernel from Aug 31. My
> > previous 2.2-stable kernel from Jul 19 still works. If I boot the Aug
> > 31 kernel, cyrus isn't able to connect to the pwcheck deamon, and if I
> > boot to the older Jul 19 kernel cyrus works fine.
> >
> > The connect() call in the following segment of code fails on Aug 31
> > kernels, and works on Jul 19 kernels and earlier (code is taken from
> > unix_unix_pwcheck.c from Cyrus 1.5.2).
> >
> > memset((char *)&srvaddr, 0, sizeof(srvaddr));
> > srvaddr.sun_family = AF_UNIX;
> > strcpy(srvaddr.sun_path, STATEDIR);
> > strcat(srvaddr.sun_path, "/pwcheck/pwcheck");
> > r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
> > if (r == -1) {
> > *reply = "cannot connect to pwcheck server";
> > return 1;
> > }
> >
> >
> > Does anyone have any idea on what has changed as far as unix domain
> > sockets in 2.2-stable lately? I've looked at the committ logs, and I
> > don't see anything that stands out.
>
> There are no problems with local sockets and ppp. I've just checked
> a RELENG_2_2 system built on September 1. Try running ppp in auto
> mode with a "set server /my/local/socket" in the config (you don't
> have to actually connect to anything), and then run "pppctl -p xxxx
> /my/local/socket show ipcp".... works ok.
>
> I'd suggest a rebuild of your system.
I already rebuilt my system before sending this.
I found out what is happening. The group and other permissions on unix
sockets are ignored. In my case the pwcheck daemon runs as root, and
therefore the socket is owned by root. However, the cyrus daemons can't
open the socket because it seesm that the other bits (I have r-x
set) are ignored, and the cyrus daemons run as the cyrus user. If I chown
the socket after pwcheck opens it, to the cyrus user, everything works ok.
This new behaviour is now very linux-like.
> > Tom
> >
>
> --
> Brian <brian@awfulhak.org>, <brian@freebsd.org>
> <http://www.awfulhak.org>;
> Don't _EVER_ lose your sense of humour....
>
>
>
>
Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970908141342.23740A-100000>