grsecurity forums

Hi!

I use the Maildir system on my server. So every user has the following directory: ~/Maildir

I want to give my imapd access to these Maildirs (i think it is not good to give it rwcd permissions on /home )

I use the following Objects:

/home
/home/*/Maildir rwcd

but when i run it i get the following error:
denied open of /home/florian/Maildir/.Drafts/courierimapacl for reading by /usr/bin/imapd[imapd:30068] uid/euid:1010/1010 gid/egid:8/8, parent /usr/sbin/couriertcpd[couriertcpd:28952] uid/euid:0/0 gid/egid:0/0

can anyone help me?

Add the following rule:

/home/*/Maildir/* rwcd

The reason is that when using the wildcard expressions, creating an expression that matches a directory will only match that directory, and will not apply to files or directories within it. The above expression will apply to those files and directories.

-Brad

thx

One last question: are there other wildcards than * and ? in grsecurity?

Because, with this configuration, there could be a posibility to write files on positions, where it should not.

(for example if there is a directory /home/florian/foo/foo/Maildir it has rwcd rights there)

I will be adding [a-zA-Z0-9] type support shortly. * and ? are the only characters supported currently.

-Brad

i know what the * wildcard does, but what does the ? wildcard do?

-Rocky

* are multiple characters ? is only one

so fore example:

/???/ will match /abc/ but not /ab/ and not /abcd/

/*/ will match all of them

sexy thanks