[Dovecot] [PATCH] drop root privileges on solaris, request for testing

Andrey Panin pazke at donpac.ru
Thu Dec 18 16:54:49 EET 2008


On 353, 12 18, 2008 at 12:50:11PM +0000, Chris Wakelin wrote:
> Andrey Panin wrote:
> > On 349, 12 14, 2008 at 08:03:25AM +0200, Timo Sirainen wrote:
> >> On Fri, 2008-11-21 at 15:30 +0300, Andrey Panin wrote:
> >>> Hello all,
> >>>
> >>> this patch allows master process to drop more root priveleges under
> >>> Solaris. My limited testing shows that code works, but I'm not sure
> >>> that defined privilege set is permissive enough for dovecot.
> >>>
> >>> Unfortunately I have no root access to our Solaris servers to really
> >>> test it. So if someone is ready to test this patch please do it :)
> >> Since no-one's offered to test perhaps I'll just put this into v1.2 and
> >> see if anyone complains? :)
> > 
> > I have no objections for this plan :)
> 
> Sorry I missed this when first announced (wasn't paying attention I guess).
> 
> I've applied the patch to Dovecot 1.1.7 (with minor change to
> configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup
> 
> dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up
> dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0)
> failed: Not owner
> dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down
> 
> The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing
> it dropped too many privileges.

Can you try running "ppriv -D dovecot" to determine which privilege is missing ?
 
> We actually run our live Dovecot on a Solaris 8 box, but Solaris 8
> doesn't support setppriv, I think.


More information about the dovecot mailing list