[Dovecot] 2.2.4 - quota-status changing the user it is running as
Timo Sirainen
tss at iki.fi
Thu Aug 1 13:44:08 EEST 2013
On 1.8.2013, at 13.11, Axel Luttgens <AxelLuttgens at swing.be> wrote:
> On 30 Jul 2013, at 20:36, Axel Luttgens wrote:
>
>> [...]
>> Do you really mean "either", not "both"? I ask, because those patches seem to intervene at quite different levels (but I guess I'll have, one day or another, to get more acquainted with Dovecot's coding, so as not to come with such silly questions...).
>> […]
I meant "either".
> So, even if I could only test a unique mail uid/gid (i.e. dovemailer/dovemailer) kind of setup, I've applied both patches so as to verify they don't conflict.
> On the other hand, trying to run the service as another user:
>
> service quota-status {
>   client_limit = 1
>   executable = quota-status -p postfix
>   user = dovemailer
>   group = dovemailer
>   unix_listener /var/spool/postfix/private/quota-policyd {
>     user = postfix
>   }
> }
>
> unfortunately still requires relaxing the permissions on the config unix socket:
>
> service config {
>   unix_listener config {
>     group = dovemailer
>     mode = 0660
>   }
> }
>
> so as to avoid such immediate failures:
>
> quota-status: Fatal: Error reading configuration: net_connect_unix(/_ROOT/var/run/dovecot/config) failed: Permission denied
> master: Error: service(quota-status): command startup failed, throttling for 2 secs
Yeah. Hmm. I guess this is a good idea to fix too: http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471
Although now if the config process crashes, this error comes back and Dovecot can't fix it automatically. That's in my TODO as well. Config process never crashes though :)
> But now a failure, very likely related to patch 2470bb9106b0, occurs at the first query:
>
> quota-status: Fatal: seteuid(0) failed: Operation not permitted
Fixed: http://hg.dovecot.org/dovecot-2.2/rev/43488e1044c9