On Fri, Mar 19, 2010 at 6:02 PM, Mark Moseley moseleymark@gmail.com wrote:
> On Fri, Mar 19, 2010 at 5:58 PM, Timo Sirainen tss@iki.fi wrote:
>> On 20.3.2010, at 2.54, Mark Moseley wrote:
>>> Been digging through the list archives but I didn't see anything about this specifically.
>> There is actually: http://dovecot.org/list/dovecot/2009-December/045139.html
> Awesome, thanks! I'm at an embarrassing loss though as to how I missed that.
Should 'script' respect the first_valid_uid setting in the main config file? I don't see it actually reading the conf files, nor is it passed in the env. I can see 'script' connecting to /var/run/dovecot//config and reading/writing from it ok. But when 'script' runs, right after talking to the config socket and before exec'ing anything, it bails out with:
imap-postlogin: script: Fatal: Mail access for users with UID 200 not permitted (see first_valid_uid in config file)
even though "first_valid_uid" is set to 199 in my test box's dovecot.conf. In the course of debugging, I also tried setting "mail_uid=200" and "last_valid_uid=201" but neither helped. I also tried various permutations of drop_priv_before_exec on service 'imap' and 'imap-postlogin'. The actual imap/pop3 processes are perfectly happy though with uid 200. It's just 'script' that takes exception.
When it talks to the config socket, it sends (slightly obfuscated, so don't mind byte count):
15:37:20.090361 write(11, "VERSION\tconfig\t2\t0\nREQ\tmodule=script\tservice=script\tuser=benchmark@test\tlip=192.168.152.1\trip=192.168.152.1\n"..., 129) = 129
and gets back:
15:37:20.090894 read(11, "service-uses-local\tused-local\t\n\n"..., 4096) = 32
The other modules talking to the config socket seem to get a whole lot more output. This was the case for Fri's checkout as well as beta4 (tried today's checkout but compiling dies with "../../src/lib-storage/.libs/libdovecot-storage.so: undefined reference to `sdbox_copy'").
If I edit all the occurrences for first_valid_uid in (didn't try different permutations to see which actually worked):
src/master/master-settings.c src/config/all-settings.c src/lib-storage/mail-storage-settings.c
and hardcode to 199, it starts working. In dovecot -a output, I don't see anywhere that the first_valid_uid could be overridden in service imap or imap-postlogin.