From: Timo Sirainen <tss@iki.fi>
Date: Sat, 24 May 2008 22:52:17 +0000 (+0300)
Subject: mbox: If INBOX creation fails because of EACCES, try with privileged group
X-Git-Tag: 1.1.rc6~36
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=456e3cf1a6333eec28468c34d75ebcb6d723b71f;p=thirdparty%2Fdovecot%2Fcore.git

mbox: If INBOX creation fails because of EACCES, try with privileged group
enabled.

--HG--
branch : HEAD
---

diff --git a/dovecot-example.conf b/dovecot-example.conf
index b9c07d4e2c..e9a2e40bb9 100644
--- a/dovecot-example.conf
+++ b/dovecot-example.conf
@@ -270,7 +270,7 @@
 #mail_gid =
 
 # Group to enable temporarily for privileged operations. Currently this is
-# used only for creating mbox dotlock files when creation fails for INBOX.
+# used only with INBOX when either its initial creation or dotlocking fails.
 # Typically this is set to "mail" to give access to /var/mail.
 #mail_privileged_group =
 
diff --git a/src/lib-storage/index/mbox/mbox-storage.c b/src/lib-storage/index/mbox/mbox-storage.c
index 04061392a3..3b2b0189cf 100644
--- a/src/lib-storage/index/mbox/mbox-storage.c
+++ b/src/lib-storage/index/mbox/mbox-storage.c
@@ -4,6 +4,7 @@
 #include "ioloop.h"
 #include "array.h"
 #include "istream.h"
+#include "restrict-access.h"
 #include "mkdir-parents.h"
 #include "unlink-directory.h"
 #include "home-expand.h"
@@ -472,6 +473,12 @@ static int verify_inbox(struct mail_storage *storage)
 
 	/* make sure inbox file itself exists */
 	fd = open(inbox_path, O_RDWR | O_CREAT | O_EXCL, 0660);
+	if (fd == -1 && errno == EACCES) {
+		/* try again with increased privileges */
+		(void)restrict_access_use_priv_gid();
+		fd = open(inbox_path, O_RDWR | O_CREAT | O_EXCL, 0660);
+		restrict_access_drop_priv_gid();
+	}
 	if (fd != -1)
 		(void)close(fd);
 	else if (errno == ENOTDIR &&