[Dovecot] (straced) FreeBSD - dovecot: We couldn't drop root group privileges
Igor B. Bykhalo
goshik at binep.ac.ru
Wed Aug 25 10:15:50 EEST 2004
Hello Timo,
Tuesday, August 24, 2004, 8:21:06 PM, you wrote:
> On Tue, 2004-08-24 at 19:52 +0400, Igor B. Bykhalo wrote:
>> > 8103 getsockname(9, {sa_family=AF_UNIX,
>> path="/var/run/dovecot/login/def0ыїїф�� "}, [28]) = 0
>> ^^^^^^^^^^^^^^^^^
>> Oops! What's this?
>
> I wondered about the same thing some time ago. I'm not really sure why
> it looks like that. Maybe I should look into it.
>
> Anyway, the fix for your problem is to not use wheel group as the
> primary group for your user in /etc/passwd, rather move the user to
> wheel group in /etc/group and use some other primary group.
Thank you very much, that worked indeed.
> There should have been different error message for this, but I'm not
> sure why it doesn't work. I should look into that too :)
> Also setting first_valid_gid=0 should work around this, but that doesn't
> currently work either.
Thanks,
Igor B. Bykhalo
P.S. I also wrote earlier:
> I also straced dovecot process, but it showed no visible (to me) errors.
Well, this was untrue - here is output of strace -fF -p <dovecot.pid>,
don't know could it be informative...
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 99) = 0
> 8102 gettimeofday({1093360394, 200640}, {0, 0}) = 0
> 8102 gettimeofday({1093360394, 200723}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 0) = 0
> 8102 gettimeofday({1093360394, 200884}, {0, 0}) = 0
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> 8102 gettimeofday({1093360394, 201037}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 98) = 0
> [... All the same ...]
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> 8102 gettimeofday({1093360417, 941767}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 99) = 1
> 8102 gettimeofday({1093360418, 1340}, {0, 0}) = 0
> 8102 recvmsg(14, {msg_name(0)=NULL, msg_iov(1)=[{"\6\0\0\0\247\37\0\0\1\0\0\0\2\0\277\277\301\351,\352\244"..., 32}], msg_controllen=16, msg_control=0xbfbffa84, , msg_flags=0}, 0) = 32
> 8102 fcntl(19, F_GETFD) = 0
> 8102 fcntl(19, F_SETFD, FD_CLOEXEC) = 0
> 8102 write(12, "\7\0\0\0\1\0\0\0\334\37\0\0", 12) = 12
> 8102 gettimeofday({1093360418, 1817}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 39) = 1
> 8102 gettimeofday({1093360418, 1974}, {0, 0}) = 0
> 8102 read(12, "\7\0\0\0\1\0\0\0\351\3\0\0\0\0\0\0\0\0\0\0\7\0\0\0\16\0"..., 3693) = 67
> 8102 fork() = 12406
> 8102 write(14, "\6\0\0\0\1\0\0\0", 8) = 8
> 12406 exit(89) = ?
> 8102 --- SIGCHLD (Child exited) ---
> 8102 close(19) = 0
> 8102 gettimeofday({1093360418, 15478}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 25) = 1
> 8102 gettimeofday({1093360418, 15713}, {0, 0}) = 0
> 8102 recvmsg(14, {msg_name(0)=NULL, msg_iov(1)=[{"$\374\277\277c\335\4\10\300\320\5\10\34\374\277\277h>\0"..., 32}], msg_controllen=0, msg_flags=0}, 0) = 0
> 8102 close(14) = 0
> 8102 gettimeofday({1093360418, 16101}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 6, 24) = 0
> 8102 gettimeofday({1093360418, 51423}, {0, 0}) = 0
> 8102 gettimeofday({1093360418, 51539}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 6, 0) = 0
> 8102 gettimeofday({1093360418, 51765}, {0, 0}) = 0
> 8102 wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 89], WNOHANG, NULL) = 12406
> 8102 gettimeofday({1093360418, 52014}, NULL) = 0
> 8102 sendto(9, "<19>Aug 24 19:13:38 dovecot: chi"..., 65, 0, NULL, 0) = 65
> 8102 wait4(-1, [WIFEXITED(s) && WEXITSTATUS(s) == 0], WNOHANG, NULL) = 8156
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> 8102 gettimeofday({1093360418, 52532}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 6, 98) = 0
> 8102 gettimeofday({1093360418, 161419}, {0, 0}) = 0
> 8102 gettimeofday({1093360418, 161535}, NULL) = 0
> [... All the same ...]
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 6, 0) = 0
> 8102 gettimeofday({1093360418, 821782}, {0, 0}) = 0
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> 8102 socketpair(PF_UNIX, SOCK_STREAM, 0, [0, 134631744]) = 0
> 8102 fork() = 12409
> 8102 fcntl(14, F_GETFL) = 0x2 (flags O_RDWR)
> 12409 getdirentries(6, <unfinished ...>
> 8102 fcntl(14, F_SETFL, O_RDWR|O_NONBLOCK <unfinished ...>
> 12409 <... getdirentries resumed> /* 0 entries */, 4096, [512]) = 0
> 8102 <... fcntl resumed> ) = 0
> 12409 lseek(6, 0, SEEK_SET <unfinished ...>
> 8102 fcntl(14, F_GETFD <unfinished ...>
> 12409 <... lseek resumed> ) = 0
> 8102 <... fcntl resumed> ) = 0
> 12409 close(6 <unfinished ...>
> 8102 fcntl(14, F_SETFD, FD_CLOEXEC <unfinished ...>
> 12409 <... close resumed> ) = 0
> 8102 <... fcntl resumed> ) = 0
> 12409 getsockname(0, <unfinished ...>
> 8102 lseek(14, 0, SEEK_CUR <unfinished ...>
> 12409 <... getsockname resumed> {sa_family=AF_INET, sin_port=htons(143), sin_addr=inet_addr("193.233.44.213")}, [16]) = 0
> 8102 <... lseek resumed> ) = -1 ESPIPE (Illegal seek)
Here ^^^^^^^^^^^^^^^^^^^^^^^^
> 12409 getsockname(1, <unfinished ...>
> 8102 getsockname(14, <unfinished ...>
> 12409 <... getsockname resumed> 0xbfbffbf4, [28]) = -1 ENOTSOCK (Socket operation on non-socket)
And here ^^^^^^^^^^^^^^^^^^^^^^^^
> 8102 <... getsockname resumed> {sa_family=0xb2 /* AF_??? */, sa_data="!(\260\321\6\10\1\0\0\0\0\372\277\277"}, [0]) = 0
> 12409 sendmsg(3, {msg_name(0)=NULL, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 32}], msg_controllen=0, msg_flags=0}, 0 <unfinished ...>
> 8102 close(19 <unfinished ...>
> 12409 <... sendmsg resumed> ) = 32
> 8102 <... close resumed> ) = 0
> 12409 gettimeofday( <unfinished ...>
> 8102 gettimeofday( <unfinished ...>
> 12409 <... gettimeofday resumed> {1093360418, 832098}, NULL) = 0
> 8102 <... gettimeofday resumed> {1093360418, 832150}, NULL) = 0
> 12409 poll( <unfinished ...>
> 8102 poll( <unfinished ...>
> 12409 <... poll resumed> [{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 3, 992) = 1
> 8102 <... poll resumed> [{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL, revents=POLLIN}], 7, 88) = 1
> 12409 gettimeofday( <unfinished ...>
> 8102 gettimeofday( <unfinished ...>
> 12409 <... gettimeofday resumed> {1093360418, 832559}, {0, 0}) = 0
> 8102 <... gettimeofday resumed> {1093360418, 832610}, {0, 0}) = 0
> 12409 break(0x806c000 <unfinished ...>
> 8102 recvmsg(14, <unfinished ...>
> 12409 <... break resumed> ) = 0
> 8102 <... recvmsg resumed> {msg_name(0)=NULL, msg_iov(1)=[{"\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 32}], msg_controllen=0, msg_flags=0}, 0) = 32
> 12409 read(7, <unfinished ...>
> 8102 gettimeofday( <unfinished ...>
> 12409 <... read resumed> "\247\37\0\0\1\0\0\0", 4096) = 8
> 8102 <... gettimeofday resumed> {1093360418, 833110}, NULL) = 0
> 12409 gettimeofday( <unfinished ...>
> 8102 poll( <unfinished ...>
> 12409 <... gettimeofday resumed> {1093360418, 833308}, NULL) = 0
> 12409 poll( <unfinished ...>
> 8102 <... poll resumed> [{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 87) = 0
> 8102 gettimeofday({1093360418, 931452}, {0, 0}) = 0
> 8102 gettimeofday({1093360418, 931569}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 0) = 0
> 8102 gettimeofday({1093360418, 931798}, {0, 0}) = 0
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> [... All the same ...]
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> 8102 gettimeofday({1093360419, 702029}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 98) = 0
> 8102 gettimeofday({1093360419, 811520}, {0, 0}) = 0
> 8102 gettimeofday({1093360419, 811636}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 0) = 0
> 8102 gettimeofday({1093360419, 811964}, {0, 0}) = 0
> 8102 wait4(-1, 0xbfbffabc, WNOHANG, NULL) = 0
> 8102 gettimeofday({1093360419, 812186}, NULL) = 0
> 8102 poll( <unfinished ...>
> 12409 <... poll resumed> [{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 3, 991) = 0
> 12409 gettimeofday({1093360419, 841481}, {0, 0}) = 0
> 12409 gettimeofday({1093360419, 841599}, NULL) = 0
> 12409 poll([{fd=7, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=0, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 3, 0) = 0
> 12409 gettimeofday({1093360419, 841819}, {0, 0}) = 0
> 12409 gettimeofday({1093360419, 841949}, NULL) = 0
> 12409 poll( <unfinished ...>
> 8102 <... poll resumed> [{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 98) = 0
> 8102 gettimeofday({1093360419, 921487}, {0, 0}) = 0
> 8102 gettimeofday({1093360419, 921602}, NULL) = 0
> 8102 poll([{fd=12, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=18, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=13, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=15, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=16, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=17, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=14, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 7, 0) = 0
> 8102 gettimeofday({1093360419, 921830}, {0, 0}) = 0
pid 12409 is imap-login...
More information about the dovecot
mailing list