Andrey Panin wrote:
> On 349, 12 14, 2008 at 08:03:25AM +0200, Timo Sirainen wrote:
>> On Fri, 2008-11-21 at 15:30 +0300, Andrey Panin wrote:
>>> Hello all,
>>>
>>> this patch allows master process to drop more root privileges under Solaris. My limited testing shows that code works, but I'm not sure that defined privilege set is permissive enough for dovecot.
>>>
>>> Unfortunately I have no root access to our Solaris servers to really test it. So if someone is ready to test this patch please do it :)
>>
>> Since no-one's offered to test perhaps I'll just put this into v1.2 and see if anyone complains? :)
>
> I have no objections for this plan :)

Sorry I missed this when first announced (wasn't paying attention I guess).
I've applied the patch to Dovecot 1.1.7 (with minor change to configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup:

dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up
dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0) failed: Not owner
dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down

The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing it dropped too many privileges.
We actually run our live Dovecot on a Solaris 8 box, but Solaris 8 doesn't support setppriv, I think.
Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin, c.d.wakelin@reading.ac.uk
IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094