From owner-freebsd-stable Mon Sep 8 16:25:12 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id QAA14034 for stable-outgoing; Mon, 8 Sep 1997 16:25:12 -0700 (PDT) Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id QAA14027 for ; Mon, 8 Sep 1997 16:25:03 -0700 (PDT) Received: from gate.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id AAA06597; Tue, 9 Sep 1997 00:23:54 +0100 (BST) Message-Id: <199709082323.AAA06597@awfulhak.demon.co.uk> X-Mailer: exmh version 2.0zeta 7/24/97 To: Tom cc: Brian Somers , freebsd-stable@FreeBSD.ORG Subject: Re: unix domain sockets in 2.2-stable In-reply-to: Your message of "Mon, 08 Sep 1997 14:18:30 PDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 09 Sep 1997 00:23:54 +0100 From: Brian Somers Sender: owner-freebsd-stable@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > > On Mon, 8 Sep 1997, Brian Somers wrote: > > > > > > > I use Cyrus for handling a local mail store. It uses a special pwcheck > > > daemon to check passwords as non-root users can't read the encrypted > > > password field. The Cyrus imap and pop servers talk to pwcheck on a unix > > > domain socket at /var/pwcheck/pwcheck > > > > > > This all worked well up to a 2.2-stable kernel from Aug 31. My > > > previous 2.2-stable kernel from Jul 19 still works. If I boot the Aug > > > 31 kernel, cyrus isn't able to connect to the pwcheck deamon, and if I > > > boot to the older Jul 19 kernel cyrus works fine. > > > > > > The connect() call in the following segment of code fails on Aug 31 > > > kernels, and works on Jul 19 kernels and earlier (code is taken from > > > unix_unix_pwcheck.c from Cyrus 1.5.2). > > > > > > memset((char *)&srvaddr, 0, sizeof(srvaddr)); > > > srvaddr.sun_family = AF_UNIX; > > > strcpy(srvaddr.sun_path, STATEDIR); > > > strcat(srvaddr.sun_path, "/pwcheck/pwcheck"); > > > r = connect(s, (struct sockaddr *)&srvaddr, sizeof(srvaddr)); > > > if (r == -1) { > > > *reply = "cannot connect to pwcheck server"; > > > return 1; > > > } > > > > > > > > > Does anyone have any idea on what has changed as far as unix domain > > > sockets in 2.2-stable lately? I've looked at the committ logs, and I > > > don't see anything that stands out. > > > > There are no problems with local sockets and ppp. I've just checked > > a RELENG_2_2 system built on September 1. Try running ppp in auto > > mode with a "set server /my/local/socket" in the config (you don't > > have to actually connect to anything), and then run "pppctl -p xxxx > > /my/local/socket show ipcp".... works ok. > > > > I'd suggest a rebuild of your system. > > I already rebuilt my system before sending this. > > I found out what is happening. The group and other permissions on unix > sockets are ignored. In my case the pwcheck daemon runs as root, and > therefore the socket is owned by root. However, the cyrus daemons can't > open the socket because it seesm that the other bits (I have r-x > set) are ignored, and the cyrus daemons run as the cyrus user. If I chown > the socket after pwcheck opens it, to the cyrus user, everything works ok. > > This new behaviour is now very linux-like. Sounds like you've got a dodgy umask. The bind() that creates the local socket looks at your umask. The only way to choose your permissions at bind() time is to get the umask correct. Take a look at /usr/src/usr.sbin/ppp/server.c - it does and undoes a umask() around the bind() call to overcome this. I wasn't aware that this behaviour has changed, but that doesn't mean much :-I > > Tom > -- Brian , Don't _EVER_ lose your sense of humour....