Le 30 juil. 2013 à 20:36, Axel Luttgens a écrit :
[...] Do you really mean "either", not "both"? I ask, because those patches seem to intervene at quite different levels (but I guess I'll have, one day or another, to get more acquainted with Dovecot's coding, so as not to come with such silly questions...). [...]
So, even if I could only test a unique mail uid/gid (i.e. dovemailer/dovemailer) kind of setup, I've applied both patches so as to verify they don't enter in conflict.
Seems to be fine now with my initial attempt:
service quota-status {
client_limit = 1
executable = quota-status -p postfix
unix_listener /var/spool/postfix/private/quota-policyd {
user = postfix
}
}
as far as the switch from root to dovemailer is concerned: the service doesn't complain anymore about not being able to access the config.
On the other hand, trying to run the service as another user:
service quota-status {
client_limit = 1
executable = quota-status -p postfix
user = dovemailer
group = dovemailer
unix_listener /var/spool/postfix/private/quota-policyd {
user = postfix
}
}
unfortunately still requires to relax the permissions on the config unix socket:
service config {
unix_listener config {
group = dovemailer
mode = 0660
}
}
so as to avoid such immediate failures:
quota-status: Fatal: Error reading configuration: net_connect_unix(/_ROOT/var/run/dovecot/config) failed: Permission denied
master: Error: service(quota-status): command startup failed, throttling for 2 secs
But now a failure, very likely related to patch 2470bb9106b0, occurs at the first query:
quota-status: Fatal: seteuid(0) failed: Operation not permitted
Perhaps am I missing some needed setting in the case of that second config?
Axel