On 1.8.2013, at 13.11, Axel Luttgens <AxelLuttgens@swing.be> wrote:
On 30 Jul 2013, at 20:36, Axel Luttgens wrote:
[...] Do you really mean "either", not "both"? I ask, because those patches seem to intervene at quite different levels (but I guess I'll have, one day or another, to get more acquainted with Dovecot's coding, so as not to come with such silly questions...). […]
I meant "either".
So, even if I could only test a unique mail uid/gid (i.e. dovemailer/dovemailer) kind of setup, I've applied both patches so as to verify they don't conflict. On the other hand, trying to run the service as another user:
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  user = dovemailer
  group = dovemailer
  unix_listener /var/spool/postfix/private/quota-policyd {
    user = postfix
  }
}
unfortunately still requires relaxing the permissions on the config unix socket:
service config {
  unix_listener config {
    group = dovemailer
    mode = 0660
  }
}
so as to avoid such immediate failures:
quota-status: Fatal: Error reading configuration: net_connect_unix(/_ROOT/var/run/dovecot/config) failed: Permission denied
master: Error: service(quota-status): command startup failed, throttling for 2 secs
Yeah. Hmm. I guess this is a good idea to fix too: http://hg.dovecot.org/dovecot-2.2/rev/eb63eca74471
Although now if the config process crashes, this error comes back and Dovecot can't fix it automatically. That's in my TODO as well. Config process never crashes though :)
But now a failure, very likely related to patch 2470bb9106b0, occurs at the first query:
quota-status: Fatal: seteuid(0) failed: Operation not permitted