At 3:58 PM -0400 9/26/07, Jerry Yeager imposed structure on a stream of electrons, yielding:
In running the various 1.0.n versions of Dovecot's LDA with the instructions in the wiki for using LDA with Postfix [on OS X 10.4] things went well using the instructions as-is (no setuid problems).
This changed in moving over to the 1.1 beta. The LDA refused to work failing with the error "setgroups() failed: Operation not permitted" as I mentioned in a previous message.
That looks like a bug. A program that calls setgroups() must be running as root. It seems to me that a code path leading to such a call should probably be able to identify that issue before the call and provide a better failure message than translating EPERM into its standard meaning....
The interesting question would be: why does deliver want to call setgroups() at all?
After reading the exchange between Bill Cole and Rich Winkel and following up on this, it seems that the new 1.1b wants you to give the Deliver app specific setuid permission via:
cd /path/to/where/dovecot's/deliver/is
sudo chmod u+s deliver
Then things worked as before. There was no need to give the group 's' permission nor to change ownership of deliver from the default root:staff or root:wheel or whomever... . The error message seems odd though.
I am not sure if, overall, this means there is a problem in Dovecot 1.0.n or that things are being tightened up in 1.1b.
Thanks Bill and Rich for the tip!
I'd love to take credit, but I thought that was about the LDA with Sendmail, which is rather different, and Rich was running 1.0.3...
In any event, I won't go so far as to say that running deliver as setuid root is actively dangerous, but it feels wrong to me and I wouldn't do it. That may be from too much exposure to bizarre attacks through delivery agents in the Dark Ages.
That it works without being setuid on Linux is a touch odd.
--
Bill Cole
bill@scconsult.com