[Dovecot] [PATCH] drop root privileges on solaris, request for testing
Chris Wakelin
c.d.wakelin at reading.ac.uk
Thu Dec 18 18:59:13 EET 2008
Chris Wakelin wrote:
> Andrey Panin wrote:
>>> I've applied the patch to Dovecot 1.1.7 (with minor change to
>>> configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup
>>>
>>> dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up
>>> dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0)
>>> failed: Not owner
>>> dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down
>>>
>>> The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing
>>> it dropped too many privileges.
>> Can you try running "ppriv -D dovecot" to determine which privilege is missing ?
>>
Aha! I found out why that didn't work; needs "-e".
# ppriv -D -e dovecot
dovecot[19610]: missing privilege "ALL" (euid = 65534, syscall = 23)
needed at setuid+0x98
dovecot[19610]: missing privilege "proc_setid" (euid = 65534, syscall =
46) needed at setgid+0x9c
imap[19610]: missing privilege "ALL" (euid = 65534, syscall = 23) needed
at setuid+0x98
# ppriv -D -s +proc_setid -e dovecot
dovecot[19632]: missing privilege "ALL" (euid = 65534, syscall = 23)
needed at setuid+0x98
Fatal: We couldn't drop root group privileges (wanted=65534, gid=0, egid=0)
Error: imap dump-capability process returned 89
Fatal: Invalid configuration in dovecot.conf
I'm confused as to whether the list in capabilities-solaris.c is
privileges to drop or privileges to set?
Best Wishes,
Chris
--
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
More information about the dovecot
mailing list