Re: dying on osx

10 Aug 2018

I found and tried this work around on the man page: 
https://www.unix.com/man-page/all/5/ngroups_max/ but I still get the 
same "Too many extra groups" error even when I start dovecot with the 
above program to limit the # of groups. I suspect that dovecot is adding 
a number of groups when it starts up.

I've hacked a work around to get it working for me on my laptop:

diff --git a/src/lib/restrict-access.c b/src/lib/restrict-access.c

@@ -224,7 +224,12 @@ static void fix_groups_list(const struct 
restrict_access_settings *set,

-    if (setgroups(gid_count, gid_list) < 0) {

+    if (setgroups(gid_count > NGROUPS_MAX ? 16 : gid_count, gid_list) < 
0) {
          if (errno == EINVAL) {
              i_fatal("setgroups(%s) failed: Too many extra groups",
                  set->extra_groups == NULL ? "" :

and this works.

I'm not sure what the right solution is for a PR. Any suggestions?

Thanks

Mike



On 8/10/18 11:04, Aki Tuomi wrote:
...
Is the user member of mail group?
---
Aki Tuomi
Dovecot oy
-------- Original message --------
From: Mike Makuch <1mikemakuch@gmail.com>
Date: 10/08/2018 19:02 (GMT+02:00)
To: Aki Tuomi 
Cc: dovecot@dovecot.org
Subject: Re: dying on osx
Maybe an old problem that has resurfaced???
https://bugzilla.samba.org/show_bug.cgi?id=8773
Mike
On 8/10/18 10:54, Aki Tuomi wrote:
...
I have to see if this is reproducible outside mac.
---
Aki Tuomi
Dovecot oy
-------- Original message --------
From: Mike Makuch <1mikemakuch@gmail.com>
Date: 10/08/2018 18:46 (GMT+02:00)
To: Aki Tuomi 
Subject: Re: dying on osx
I did find that page and tried a few things there. My config has all of
the settings there except 3:
mail_access_groups = mail
mbox_read_locks = fcntl
mbox_write_locks = fcntl
I add them to my config, restart and get the same abort
20180810-103849 imap(mkm)<79213>: Fatal:
setgroups(mail,505) failed: Too many extra groups
I've tried numerous other settings as well.
Thanks for any further advice
Mike
On 8/10/18 08:45, Aki Tuomi wrote:
...
Can you try this config and report back?
https://superuser.com/questions/957272/dotlock-permissions-problems-with-dov...
...
Aki
...
On 10 August 2018 at 16:39 Mike Makuch <1mikemakuch@gmail.com> wrote:
OSX 10.13.6 High Sierra, dovecot 2.3.2.1
dovecot starts up and runs but dies as soon as my mail client makes a
request with log and config below.
And advice appreciated.
Thanks
Mike
20180810-083730 auth: Debug: auth client connected (pid=77432)
20180810-083730 auth: Debug: client in: AUTH    1 PLAIN
service=imap    secured    session=xo1p2BRzZNd/AAAB lip=127.0.0.1
rip=127.0.0.1    lport=143    rport=55140
20180810-083730 auth: Debug: client passdb out: CONT 1
20180810-083730 auth: Debug: client in: CONT    1 AG1rbQBta20xMjM=
(previous base64 data may contain sensitive data)
20180810-083730 auth: Debug: static(mkm,127.0.0.1,):
lookup
20180810-083730 auth: Debug: client passdb out: OK    1 user=mkm
host=localhost    nopasswd=y
20180810-083730 auth: Debug: master in: REQUEST 4201906177 77432
1    b8126b4b71be2959fc7716888eccc566 session_pid=77433
request_auth_token
20180810-083730 auth-worker(77426): Debug:
passwd(mkm,127.0.0.1,): lookup
20180810-083730 auth: Debug: master userdb out: USER 4201906177
mkm    system_groups_user=mkm    uid=503 gid=20 home=/Users/mkm
auth_token=4d2bb44168df3d63e4e1bb352e59de632bc7da49
20180810-083730 imap-login: Info: Login: user=<mkm>, method=PLAIN,
rip=127.0.0.1, lip=127.0.0.1, mpid=77433, secured,
session=
20180810-083730 imap(mkm)<77433>: Fatal:
setgroups(505) failed: Too many extra groups
# doveconf -n
# 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
# OS: Darwin 17.7.0 x86_64
# Hostname: pine
auth_debug = yes
auth_debug_passwords = yes
default_internal_user = _dovecot
default_login_user = _dovenull
disable_plaintext_auth = no
listen = 127.0.0.1
log_path = /var/log/dovecot
log_timestamp = "%Y%m%d-%H%M%S "
mail_debug = yes
mail_gid = staff
mail_location = mbox:~/Mail:INBOX=/var/mail/%u
mail_privileged_group = mail
mail_uid = _dovecot
passdb {
     args = password=*** host=localhost nopasswd=y
     driver = static
}
passdb {
     args = login
     driver = pam
}
protocols = imap
service auth {
     user = root
}
service imap-login {
     inet_listener imap {
       address = *
       port = 143
     }
}
ssl = no
userdb {
     driver = passwd
}


    