[Dovecot] We couldn't drop root group privileges

J. Erik Heinz jheinz at much-magic.wiwi.uni-frankfurt.de
Sun Apr 3 14:12:28 EEST 2005 

Hi Timo,

On Sun, Apr 03, 2005 at 01:30:26AM +0300, Timo Sirainen wrote:
> On Sun, 2005-04-03 at 00:08 +0200, J. Erik Heinz wrote:
> > 	imap(jerik): Apr 02 19:38:03 Fatal: We couldn't drop root group
> > 	privileges
> 
> What Dovecot version and operating system? At least one reason for this
> was fixed in later Dovecot versions..
OS: FreeBSD 5.3-BETA4
Dovecot: dovecot-0.99.12.1 (Portinstallation)
> > If I understand the dovecot.conf wright, the is the user root required
> > for running dovecot "auth_user =  root". That's why I don't understand
> > the erros message. 
> 
> The error message happens because jerik user is in wheel/root group and
> Dovecot wasn't able to drop it. You could also allow that group by
> setting:
> first_valid_gid = 1
I tried first_valid_gid = 1. I just changed this in the dovecot.conf.
The rest of the conf is still the same. But I get still an error: 
	Trying 192.168.0.14...
	Connected to op.
	Escape character is '^]'.
	* OK dovecot ready.
	. login jerik password
	. OK Logged in.
	* BYE Internal login failure. Error report written to server log.
	Connection closed by foreign host.
And the logs say: 
	dovecot: Apr 03 12:59:17 Info: Dovecot starting up
	dovecot: Apr 03 12:59:35 Error: Logins for users with primary group ID
	0 (user jerik) not permitted (see first_valid_gid in config file).
	imap-login: Apr 03 12:59:35 Info: Internal login failure: jerik
	[192.168.0.23]
I think my main problem is, that i don't understand the meaning of:
	"We couldn't drop root group privileges"
Why should it drop the group privileges - OK ... security reasons -
but how does it work? I dont get the mechanism and that's why I dont
understand.

> > By the way, through the installation there was the user and group
> > dovecot created, should this user start dovecot at boottime? Or should
> > he be used for other tasks?
> Dovecot uses it internally. It should start as root.
OK

Regards Erik

-- 
J. Erik Heinz
Koblenzer Str. 11
60327 Frankfurt am Main
Handy: 0163 337 37 45
Mail: jheinz at wiwi.uni-frankfurt.de

More information about the dovecot mailing list