On 11.10.2018 09:28, Heiko W. Rupp wrote:
Hello,
I have recently upgraded to macOS 10.14 (Mojave) and am running into an issue where one use can no longer log into dovecot via imap. Log shows
Oct 11 08:10:27 imap(hwr)<12659>
: Fatal: setgroups(501) failed: Too many extra groups and indeed, the user is in 17 groups, which is more than NGROUPS_MAX (16). Another user with << 16 groups can log in fine. Unfortunately it is not (easily) doable to reduce the number of groups, as macOS seems to set them internally.
Is there a config option that I am missing to work around this?
Looking at the source, I see this is handled in src/lib/restrict-access.c::fix_groups_list(), where above the call to setgroups() a gid_list2 is constructed. I wonder if one could have a config option to prevent adding all those extra groups, which then make the call to setgroups() fail
Any help appreciated Heiko
Not trivially. We would need to know which groups to drop and which not.
Aki