On Wed, 11 May 2011 18:52:21 +0300 Timo Sirainen wrote:
[ ... ]
- script-login binary wasn't actually dropping privileges to the user/group/chroot specified by its service settings.
This version gives problems with my post-login script to track last usage, which works perfectly with 2.0.12.
Error messages:
May 11 20:38:53 seymour dovecot: master: Dovecot v2.0.13 starting up (core dumps disabled)
May 11 20:39:01 seymour dovecot: imap-login: Login: frank, 192.168.28.53, TLS
May 11 20:39:01 seymour dovecot: imap-postlogin: Error: script-login: Error: user frank: Error reading configuration: net_connect_unix(/var/run/dovecot/config) failed: Permission denied
May 11 20:39:01 seymour dovecot: imap-postlogin: Error: script-login: Fatal: Internal error occurred. Refer to server log for more information.
May 11 20:39:01 seymour dovecot: log: Error: service(imap-postlogin): child 8651 returned error 89 (Fatal failure)
May 11 20:39:01 seymour dovecot: imap(frank): Post-login script denied access to user frank
# 2.0.12: /usr/local/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.35.13-91.fc14.i686.PAE i686 Fedora release 14 (Laughlin) ext3
disable_plaintext_auth = no
first_valid_uid = 200
last_valid_uid = 65534
listen = *
login_greeting = c64.shuttle.de - IMAPs Service ready.
login_log_format_elements = %u %r %c
mail_location = maildir:/var/spool/mail/%u:INDEX=MEMORY
mail_log_prefix = "%Us(%u,%r): "
mail_plugins = " notify quota"
passdb {
  args = dovecot
  driver = pam
}
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
  mail_log_fields = uid box from subject msgid size flags
  mail_log_group_events = yes
  quota = maildir:User quota
  quota_rule = *:storage=2G
  quota_rule2 = Trash:storage=+100M
}
protocols = imap
service auth {
  unix_listener auth-client {
    group = exim
    mode = 0660
    user = exim
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 3
}
service imap-postlogin {
  executable = script-login /usr/dovecot/bin/imap-post-login
  user = dovecot
}
service imap {
  executable = imap imap-postlogin
}
ssl_cert =
Procedure "/usr/dovecot/bin/imap-post-login" simply writes a datestamp to a file with owner "frank".
Any pointer to solution welcome.
--Frank Elsner