Wrong owner of some rspamd config files

[rkfg]

Contribution guidelines

• I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• ... I have understood that answers are voluntary and community-driven, and not commercial support.
• ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

In

mailcow-dockerized/data/Dockerfiles/rspamd/docker-entrypoint.sh

Line 116 in 36b5ccc

chown -R 82:82 /etc/rspamd/custom/*

the owner of custom rspamd configs is set to 82:82. However, this causes these files to be read-only in the UI:

If I chown them to 101:101 (the user that rspamd runs as) the files become available for editing and save normally. However, since this 82:82 chown is in the entrypoint script, restarting rspamd causes the files to become read only again. I'm not sure if it's some design decision I don't understand or a bug but it's pretty inconvenient because it becomes impossible to change the white/blacklists from the UI without changing the access rights via ssh first. The behavior is exactly the same on two separate instances I maintain (work and personal servers).

Logs:

Unrelated

Steps to reproduce:

1. Open /rspamd/#configuration
2. Many config files are read-only
3. Go to mailcow root dir
4. Do chown 101:101 data/conf/rspamd/custom/*
5. Refresh the rspamd tab
6. Files now can be changed

Which branch are you using?

master

Which architecture are you using?

x86

Operating System:

Debian 12.5

Server/VM specifications:

VDS, 8 GB RAM, 4 CPUs

Is Apparmor, SELinux or similar active?

Apparmor is active

Virtualization technology:

KVM

Docker version:

20.10.24+dfsg1

docker-compose version or docker compose version:

v2.26.1

mailcow version:

2024-04

Reverse proxy:

Caddy

Logs of git diff:

diff --git a/data/conf/unbound/unbound.conf b/data/conf/unbound/unbound.conf
index 27110c04..90c16ee0 100644
--- a/data/conf/unbound/unbound.conf
+++ b/data/conf/unbound/unbound.conf
@@ -4,7 +4,7 @@ server:
   interface: ::0
   logfile: /dev/console
   do-ip4: yes
-  do-ip6: yes
+  do-ip6: no
   do-udp: yes
   do-tcp: yes
   do-daemonize: no

Logs of iptables -L -vn:

Unrelated

Logs of ip6tables -L -vn:

Unrelated

Logs of iptables -L -vn -t nat:

Unrelated

Logs of ip6tables -L -vn -t nat:

Unrelated

DNS check:

188.114.99.224
188.114.98.224

[MAGICCC]

You are able to change such files via mailcow interface, but when you change the owner you won't able to do that anymore I guess

[rkfg]

But I can't edit them in the rspamd UI. I think it'd be better to set ACL for rspamd as well so that both users can edit them. Or run rspamd as the same user. Or set the owner/mod only for the files that can be changed in mailcow UI, not all of them.

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.