[Dovecot] [PATCH] drop root privileges on solaris, request for testing

Chris Wakelin c.d.wakelin at reading.ac.uk
Thu Dec 18 14:50:11 EET 2008


Andrey Panin wrote:
> On 349, 12 14, 2008 at 08:03:25AM +0200, Timo Sirainen wrote:
>> On Fri, 2008-11-21 at 15:30 +0300, Andrey Panin wrote:
>>> Hello all,
>>>
>>> this patch allows master process to drop more root priveleges under
>>> Solaris. My limited testing shows that code works, but I'm not sure
>>> that defined privilege set is permissive enough for dovecot.
>>>
>>> Unfortunately I have no root access to our Solaris servers to really
>>> test it. So if someone is ready to test this patch please do it :)
>> Since no-one's offered to test perhaps I'll just put this into v1.2 and
>> see if anyone complains? :)
> 
> I have no objections for this plan :)

Sorry I missed this when first announced (wasn't paying attention I guess).

I've applied the patch to Dovecot 1.1.7 (with minor change to
configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup

dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up
dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0)
failed: Not owner
dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down

The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing
it dropped too many privileges.

We actually run our live Dovecot on a Solaris 8 box, but Solaris 8
doesn't support setppriv, I think.

Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094


More information about the dovecot mailing list