doveadm search -A problem with dropped privileges
Sebastian Kricner
sebastian.kricner at tuxwave.net
Tue Jul 14 03:53:18 UTC 2015
Hello,
If you want to reply to this mail, please send it directly to me.
I have found a big issue with the following command: "doveadm search -A". It
does work, however, when doveadm_worker_count = 0 is set in the dovecot.conf
configuration file.
The problem is that doveadm-server, or something similar, uses the privileges of
"nobody" and so fails to search e-mails. The process also tries to
create a maildir for "nobody":
Debug: Namespace : /var/mail/nobody doesn't exist yet, using default permissions
Debug: Namespace : Using permissions from /var/mail/nobody: mode=0700 gid=default
Error: User initialization failed: Namespace '': mkdir(/var/mail/nobody) failed: Permission denied (euid=65534(nobody) egid=65534(nobody) missing +w perm: /var/mail, we're not in group 12(mail), dir owned by 0:12 mode=0775)
Error: search: User init failed
Error: userdb lookup: connect(/var/run/dovecot//auth-userdb) failed: Permission denied (euid=65534(nobody) egid=65534(nobody) missing +r perm: /var/run/dovecot//auth-userdb, we're not in group 12(mail), dir owned by 0:0 mode=0755)
Error: search: User lookup failed: Internal error occurred. Refer to server log for more information.
Even after setting permissions so that the process can create a maildir for
"nobody" under /var/mail, it fails to "setresgid" to the particular
user to be scanned.
It can't work, because it is not possible to gain another user's privileges
from a different user.
# 2.2.16: /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.7
# OS: Linux Gentoo Base System release 2.2
auth_cache_negative_ttl = xx mins
auth_cache_size = xx M
auth_cache_ttl = xx mins
auth_mechanisms = xx xx
auth_worker_max_count = xx
base_dir = /var/run/dovecot/
default_process_limit = xx
dict {
expire = sqlite:/xx
}
doveadm_worker_count = 1
first_valid_gid = xx
first_valid_uid = xx
login_greeting = xx.xx
mail_location = maildir:/xx/xx/%u
mail_privileged_group = xx
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate
passdb {
args = scheme=SHA512 /xx/xx/xx.xx
driver = passwd-file
}
plugin {
expire = xx
expire2 = xx
expire_dict = proxy::expire
sieve = ~/.xx.xx
sieve_dir = ~/.xx
}
protocols = imap sieve
service auth {
unix_listener auth-client {
group = xx
mode = 0660
}
unix_listener auth-userdb {
group = xx
mode = 0660
}
}
service dict {
unix_listener dict {
mode = 0666
}
}
service imap-login {
inet_listener imap {
port = 0
}
process_limit = 6
service_count = 1
}
ssl_cert = </xx/xx/xx/xx.xx.xx
ssl_key = </xx/xx/xx/xx.xx.xx
ssl_parameters_regenerate = xx days
userdb {
driver = passwd
}
protocol lda {
mail_plugins = sieve expire
}
protocol imap {
imap_idle_notify_interval = xx mins
mail_max_userip_connections = xx
mail_plugins = expire
}
Regards
Sebastian Kricner
--
http://tuxwave.net -- the difference to think makes it real!
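As an added example (my own code, not from the report above and not part of Dovecot): a small Python checker that parses the "Permission denied" lines quoted in the report and applies the ordinary Unix owner/group/other check to the directory metadata they carry, showing that nobody (65534) is denied +w on /var/mail through the "other" class, while the 0755 directory reported for the auth-userdb case does not by itself explain that denial, which comes from the socket's own mode (0660 in the posted config). The function names, the result keys and the extra_groups tuple are my assumptions.

```python
import re

# Constructed sample: the two "Permission denied" lines quoted in the report.
SAMPLE_LOG = """\
Error: User initialization failed: Namespace '': mkdir(/var/mail/nobody) failed: Permission denied (euid=65534(nobody) egid=65534(nobody) missing +w perm: /var/mail, we're not in group 12(mail), dir owned by 0:12 mode=0775)
Error: userdb lookup: connect(/var/run/dovecot//auth-userdb) failed: Permission denied (euid=65534(nobody) egid=65534(nobody) missing +r perm: /var/run/dovecot//auth-userdb, we're not in group 12(mail), dir owned by 0:0 mode=0755)
"""

# Field layout of Dovecot's EACCES explanation as it appears in the lines above.
DENIED_RE = re.compile(
    r"Permission denied \(euid=(?P<uid>\d+)\(\w+\) egid=(?P<gid>\d+)\(\w+\)"
    r" missing \+(?P<perm>[rwx]) perm: (?P<path>[^,]+), we're not in group (?P<grp>\d+)\(\w+\),"
    r" dir owned by (?P<ouid>\d+):(?P<ogid>\d+) mode=(?P<mode>[0-7]+)\)"
)
BITS = {"r": 4, "w": 2, "x": 1}


def access_granted(uid, gid, groups, owner_uid, owner_gid, mode, perm):
    """Plain discretionary check: owner class, else group class, else other.
    Root's CAP_DAC_OVERRIDE is deliberately not modelled: the worker runs as nobody."""
    if uid == owner_uid:
        cls = (mode >> 6) & 7
    elif owner_gid == gid or owner_gid in groups:
        cls = (mode >> 3) & 7
    else:
        cls = mode & 7
    return bool(cls & BITS[perm])


def diagnose(log, extra_groups=()):
    """For each denial, report whether the directory metadata in the message alone
    explains it, and whether membership in extra_groups (hypothetical) would flip it.
    When the directory class already grants the bit, look at the object itself."""
    out = {}
    for m in DENIED_RE.finditer(log):
        uid, gid = int(m["uid"]), int(m["gid"])
        ouid, ogid, mode = int(m["ouid"]), int(m["ogid"]), int(m["mode"], 8)
        base = access_granted(uid, gid, (), ouid, ogid, mode, m["perm"])
        with_groups = access_granted(uid, gid, tuple(extra_groups), ouid, ogid, mode, m["perm"])
        out[m["path"]] = {
            "dir_explains_denial": not base,
            "fixed_by_groups": (not base) and with_groups,
        }
    return out


if __name__ == "__main__":
    for path, verdict in diagnose(SAMPLE_LOG, extra_groups=(12,)).items():
        print(path, verdict)
```

Group 12 would satisfy the /var/mail check, but granting "nobody" the mail group widens what every nobody process can touch; the report's own working configuration is doveadm_worker_count = 0, which keeps the search in the invoking process instead of the unprivileged worker.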