[Dovecot] Post Login Script in 2.0

Mark Moseley moseleymark at gmail.com
Mon Mar 22 22:04:40 EET 2010

On Fri, Mar 19, 2010 at 6:02 PM, Mark Moseley <moseleymark at gmail.com> wrote:
> On Fri, Mar 19, 2010 at 5:58 PM, Timo Sirainen <tss at iki.fi> wrote:
>> On 20.3.2010, at 2.54, Mark Moseley wrote:
>>> Been digging through the list archives but I didn't see anything about
>>> this specifically.
>> There is actually: http://dovecot.org/list/dovecot/2009-December/045139.html
> Awesome, thanks! I'm at an embarrassing loss though as to how I missed that.

Should 'script' respect the first_valid_uid setting in the main config
file? I don't see it actually reading the conf files, nor is it passed
in the env. I can see 'script' connecting to /var/run/dovecot//config
and reading/writing from it ok. But when 'script' runs, right after
talking to the config socket and before exec'ing anything, it bails
out with:

imap-postlogin: script: Fatal: Mail access for users with UID 200 not
permitted (see first_valid_uid in config file)

even though "first_valid_uid" is set to 199 in my test box's
dovecot.conf. In the course of debugging, I also tried setting
"mail_uid=200" and "last_valid_uid=201" but neither helped. I also
tried various permutations of drop_priv_before_exec on service 'imap'
and 'imap-postlogin'. The actual imap/pop3 processes are perfectly
happy though with uid 200. It's just 'script' that takes exception.

When it talks to the config socket, it sends (slightly obfuscated, so
don't mind byte count):

15:37:20.090361 write(11,
"VERSION\tconfig\t2\t0\nREQ\tmodule=script\tservice=script\tuser=benchmark at test\tlip=\trip=\n"...,
129) = 129

and gets back:

15:37:20.090894 read(11, "service-uses-local\tused-local\t\n\n"..., 4096) = 32

the other modules talking to the config socket seem to get a whole lot
more output. This was the case for Fri's checkout as well as beta4
(tried today's checkout but compiling dies with
"../../src/lib-storage/.libs/libdovecot-storage.so: undefined
reference to `sdbox_copy'").

If I edit all the occurrences for first_valid_uid in (didn't try
different permutations to see which actually worked):


and hardcode to 199, it starts working. In dovecot -a output, I don't
see anywhere that the first_valid_uid could overridden in service imap
or imap-postlogin.

More information about the dovecot mailing list