imap access

Submit your RBAC policies or suggest policy improvements

Moderators: spender, PaX Team

imap access

Postby emostar » Wed May 10, 2006 3:02 am

Hello.. me again.. I seem to be taking up a lot of the posts these days.. :P

I have the following output in my syslog after I enable grsec and try to access my imap server:

grsec: From 192.168.0.100: (default:D:/) denied access to hidden file /home/vpopmail/domains/thejon.org/jon by /usr/local/libexec/authlib/authvchkpw[authvchkpw:10536] uid/euid:1007/1007 gid/egid:111/111, parent /usr/local/libexec/couriertcpd[couriertcpd:28266] uid/euid:0/0 gid/egid:0/0

The uid 1007 is my vpopmail user, which has a role.
My question is, why does it go to the default role? I have a role for uid 0 (root) and uid 1007 (vpopmail), both with /usr/local/libexec/authlib/authvchkpw objects.

I see the parent process (couriertcpd) is being executed as uid 0... does this mean I have to adapt my policy to the changing UID?

Thanks,

Jon
emostar
 
Posts: 7
Joined: Mon Apr 24, 2006 11:09 pm

Postby spender » Sun May 14, 2006 10:14 pm

I'd have to see your full policy to tell why it's not using the role, since there are a number of possible causes. Can you send your policy to spender@grsecurity.net?

-Brad
spender
 
Posts: 2185
Joined: Wed Feb 20, 2002 8:00 pm
Location: VA, USA


Return to RBAC policy development

cron