A non-root process is not allowed to change its privileges.
Brad wrote:
Okay .. have dovecot set up with following settings :
userdb static {
  args = uid=97 gid=97 home=/export/dovecot/mail/%d/%u mail=mbox:/export/dovecot/mbox/%d/%u/
}
passdb passwd-file {
  # Path for passwd-file
  args = /etc/dovecot-passdb
}
Passdb works I think in the sense that I can log into dovecot using a regular mail client.
The real issue is when I try to deliver any type of mail using dovecot-lda (deliver).
deliver is setuid and setgid dovecot .. I even set the static mail dirs above to be owned by dovecot (I know .. a no no .. but wanted to trace down issue)
I also have
first_valid_uid = 96
and
first_valid_uid = 96
Now .. when I try to do this ..
echo "A Test Message" | /usr/local/libexec/dovecot/deliver -d existinguser
I get this ..
master in: USER 1 echo service=deliver
dovecot: Mar 11 23:45:24 Info: auth(default): master out: USER 1 echo uid=97 gid=97 home=/export/dovecot/mail//echo mail=mbox:/export/dovecot/mbox//echo/
dovecot: Mar 11 23:45:24 Error: auth(default): deliver: Fatal: setgroups(97) failed: Operation not permitted
97 is the gid for the dovecot user .. which owns just about everything deliver could ever touch.
What am I missing ?
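
The failure in the log above can be reproduced outside Dovecot. The following is an added example, not part of the thread and not Dovecot's code: it performs a privilege drop in the order supplementary groups, gid, uid, using the uid/gid 97 from the post, and reports the errno of the first call that fails. The function names are hypothetical. setgroups() requires superuser privileges (CAP_SETGID on Linux), so a process whose effective uid is already 97 gets "Operation not permitted" on the first call.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to uid/gid: supplementary groups first, then gid, then uid.
 * Returns 0 on success, or the errno of the first call that failed. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0) return errno; /* needs superuser */
    if (setgid(gid) != 0)        return errno;
    if (setuid(uid) != 0)        return errno; /* last: no way back after this */

    /* Verify the drop took effect and cannot be undone. */
    if (getuid() != uid || geteuid() != uid) return EPERM;
    if (getgid() != gid || getegid() != gid) return EPERM;
    if (uid != 0 && setuid(0) == 0)          return EPERM;
    return 0;
}

/* Run the drop in a forked child so the caller keeps its own identity.
 * Returns the child's result (0 or an errno), or -1 if fork/wait failed. */
int try_drop_in_child(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(drop_privileges(uid, gid));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = try_drop_in_child(97, 97); /* uid/gid from the post */
    printf("euid=%d: drop to 97:97 -> %s\n", (int)geteuid(),
           rc == 0 ? "ok" : rc > 0 ? strerror(rc) : "fork/wait failed");
    return 0;
}
```

Run as an ordinary user, the child fails at setgroups() just as deliver does; run as root, the same sequence completes.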