static int mkdir_chown_full(const char *path, mode_t mode, uid_t uid, gid_t gid, const char *gid_origin) { string_t *str; mode_t old_mask; int ret, orig_errno; old_mask = umask(0); ret = mkdir(path, mode); umask(old_mask); if (ret < 0) { if (errno == EISDIR || errno == ENOSYS) { /* EISDIR check is for BSD/OS which returns it if path contains '/' at the end and it exists. ENOSYS check is for NFS mount points. */ errno = EEXIST; } return -1; } if (chown(path, uid, gid) < 0) { orig_errno = errno; if (rmdir(path) < 0) i_error("rmdir(%s) failed: %m", path); errno = orig_errno; if (errno == EPERM && uid == (uid_t)-1) { i_error("%s", eperm_error_get_chgrp("chown", path, gid, gid_origin)); return -1; } str = t_str_new(256); str_printfa(str, "chown(%s, %ld", path, uid == (uid_t)-1 ? -1L : (long)uid); if (uid != (uid_t)-1) { struct passwd pw; if (i_getpwuid(uid, &pw) > 0) str_printfa(str, "(%s)", pw.pw_name); } str_printfa(str, ", %ld", gid == (gid_t)-1 ? -1L : (long)gid); if (gid != (gid_t)-1) { struct group gr; if (i_getgrgid(uid, &gr) > 0) str_printfa(str, "(%s)", gr.gr_name); } errno = orig_errno; i_error("%s) failed: %m", str_c(str)); return -1; } return 0; }
static void mbox_dotlock_log_eacces_error(struct mbox_mailbox *mbox, const char *path) { const char *dir, *errmsg, *name; struct stat st; struct group group; int orig_errno = errno; errmsg = eacces_error_get_creating("file_dotlock_create", path); dir = strrchr(path, '/'); dir = dir == NULL ? "." : t_strdup_until(path, dir); /* allow privileged locking for a) user's own INBOX, b) another user's shared INBOX, and c) anything called INBOX (in inbox=no namespace) */ if (!mbox->box.inbox_any && strcmp(mbox->box.name, "INBOX") != 0) { mailbox_set_critical(&mbox->box, "%s (not INBOX -> no privileged locking)", errmsg); } else if (!mbox->mbox_privileged_locking) { dir = mailbox_list_get_root_forced(mbox->box.list, MAILBOX_LIST_PATH_TYPE_DIR); mailbox_set_critical(&mbox->box, "%s (under root dir %s -> no privileged locking)", errmsg, dir); } else if (stat(dir, &st) == 0 && (st.st_mode & 02) == 0 && /* not world-writable */ (st.st_mode & 020) != 0) { /* group-writable */ if (i_getgrgid(st.st_gid, &group) <= 0) name = dec2str(st.st_gid); else name = group.gr_name; mailbox_set_critical(&mbox->box, "%s (set mail_privileged_group=%s)", errmsg, name); } else { mailbox_set_critical(&mbox->box, "%s (nonstandard permissions in %s)", errmsg, dir); } errno = orig_errno; }