Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong owner of some rspamd config files #5864

Open
5 tasks done
rkfg opened this issue May 1, 2024 · 2 comments
Open
5 tasks done

Wrong owner of some rspamd config files #5864

rkfg opened this issue May 1, 2024 · 2 comments
Labels
bug

Comments

@rkfg
Copy link

rkfg commented May 1, 2024
edited

Contribution guidelines

I've found a bug and checked that ...

  • ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
  • ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
  • ... I have understood that answers are voluntary and community-driven, and not commercial support.
  • ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

In

mailcow-dockerized/data/Dockerfiles/rspamd/docker-entrypoint.sh

Line 116 in 36b5ccc

chown -R 82:82 /etc/rspamd/custom/*
the owner of custom rspamd configs is set to 82:82. However, this causes these files to be read-only in the UI:
2024-05-01_19-46-01
If I chown them to 101:101 (the user that rspamd runs as) the files become available for editing and save normally. However, since this 82:82 chown is in the entrypoint script, restarting rspamd causes the files to become read only again. I'm not sure if it's some design decision I don't understand or a bug but it's pretty inconvenient because it becomes impossible to change the white/blacklists from the UI without changing the access rights via ssh first. The behavior is exactly the same on two separate instances I maintain (work and personal servers).

Logs:

Unrelated

Steps to reproduce:

1. Open /rspamd/#configuration
2. Many config files are read-only
3. Go to mailcow root dir
4. Do chown 101:101 data/conf/rspamd/custom/*
5. Refresh the rspamd tab
6. Files now can be changed

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12.5

Server/VM specifications:

VDS, 8 GB RAM, 4 CPUs

Is Apparmor, SELinux or similar active?

Apparmor is active

Virtualization technology:

KVM

Docker version:

20.10.24+dfsg1

docker-compose version or docker compose version:

v2.26.1

mailcow version:

2024-04

Reverse proxy:

Caddy

Logs of git diff:

diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..90c16ee0 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -4,7 +4,7 @@ server:
   interface: ::0
   logfile: /dev/console
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
   do-daemonize: no

Logs of iptables -L -vn:

Unrelated

Logs of ip6tables -L -vn:

Unrelated

Logs of iptables -L -vn -t nat:

Unrelated

Logs of ip6tables -L -vn -t nat:

Unrelated

DNS check:

188.114.99.224
188.114.98.224
@rkfg rkfg added the bug label May 1, 2024
@MAGICCC
Copy link
Member

MAGICCC commented May 5, 2024

You are able to change such files via mailcow interface, but when you change the owner you won't able to do that anymore I guess

@rkfg
Copy link
Author

rkfg commented May 5, 2024

But I can't edit them in the rspamd UI. I think it'd be better to set ACL for rspamd as well so that both users can edit them. Or run rspamd as the same user. Or set the owner/mod only for the files that can be changed in mailcow UI, not all of them.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rkfg @MAGICCC