From owner-freebsd-stable  Mon Sep  8 14:23:27 1997
Return-Path: <owner-freebsd-stable>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id OAA05111
          for stable-outgoing; Mon, 8 Sep 1997 14:23:27 -0700 (PDT)
Received: from misery.sdf.com (misery.sdf.com [204.244.210.193])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id OAA05098
          for <freebsd-stable@freebsd.org>; Mon, 8 Sep 1997 14:23:21 -0700 (PDT)
Received: from tom by misery.sdf.com with smtp (Exim 1.62 #1)
	id 0x8BCZ-0006B6-00; Mon, 8 Sep 1997 14:18:31 -0700
Date: Mon, 8 Sep 1997 14:18:30 -0700 (PDT)
From: Tom <tom@sdf.com>
To: Brian Somers <brian@awfulhak.org>
cc: freebsd-stable@freebsd.org
Subject: Re: unix domain sockets in 2.2-stable 
In-Reply-To: <199709082054.VAA04605@awfulhak.demon.co.uk>
Message-ID: <Pine.BSF.3.95q.970908141342.23740A-100000@misery.sdf.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-stable@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


On Mon, 8 Sep 1997, Brian Somers wrote:

> > 
> >   I use Cyrus for handling a local mail store.  It uses a special pwcheck
> > daemon to check passwords as non-root users can't read the encrypted
> > password field.  The Cyrus imap and pop servers talk to pwcheck on a unix
> > domain socket at /var/pwcheck/pwcheck
> > 
> >   This all worked well up to a 2.2-stable kernel from Aug 31.  My
> > previous 2.2-stable kernel from Jul 19 still works.  If I boot the Aug
> > 31 kernel, cyrus isn't able to connect to the pwcheck deamon, and if I
> > boot to the older Jul 19 kernel cyrus works fine.
> > 
> >   The connect() call in the following segment of code fails on Aug 31
> > kernels, and works on Jul 19 kernels and earlier (code is taken from
> > unix_unix_pwcheck.c from Cyrus 1.5.2).
> > 
> >     memset((char *)&srvaddr, 0, sizeof(srvaddr));
> >     srvaddr.sun_family = AF_UNIX;
> >     strcpy(srvaddr.sun_path, STATEDIR);
> >     strcat(srvaddr.sun_path, "/pwcheck/pwcheck");
> >     r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr));
> >     if (r == -1) {
> > 	*reply = "cannot connect to pwcheck server";
> > 	return 1;
> >     }
> > 
> > 
> >   Does anyone have any idea on what has changed as far as unix domain
> > sockets in 2.2-stable lately?  I've looked at the committ logs, and I
> > don't see anything that stands out.
> 
> There are no problems with local sockets and ppp.  I've just checked 
> a RELENG_2_2 system built on September 1.  Try running ppp in auto 
> mode with a "set server /my/local/socket" in the config (you don't 
> have to actually connect to anything), and then run "pppctl -p xxxx 
> /my/local/socket show ipcp".... works ok.
> 
> I'd suggest a rebuild of your system.

  I already rebuilt my system before sending this.

  I found out what is happening.  The group and other permissions on unix
sockets are ignored.  In my case the pwcheck daemon runs as root, and
therefore the socket is owned by root.  However, the cyrus daemons can't
open the socket because it seesm that the other bits (I have r-x
set) are ignored, and the cyrus daemons run as the cyrus user.  If I chown
the socket after pwcheck opens it, to the cyrus user, everything works ok.

  This new behaviour is now very linux-like.  

> > Tom
> > 
> 
> -- 
> Brian <brian@awfulhak.org>, <brian@freebsd.org>
>       <http://www.awfulhak.org>
> Don't _EVER_ lose your sense of humour....
> 
> 
> 
> 

Tom