Curtis Maloney wrote:
I ran into this problem with the later test versions on Solaris 9. Joshua Goodall gave me a two line patch (which i don't have here, I'm afraid) to revert this check which came in around test43 (from memory).
A check of the list archives finds his recommendation was to use src/lib/restrict-access.c revision 1.13 from CVS.
Ah good, it's not just me. I've had a bit more of a play and I understand it a bit better. Looks like restrict_access_by_env() is being called in 2 different contexts - once to establish the "dovecot" user , once as root (presumably in the auth daemon). The call as root fails because the program tries setgid() to prove it can't, but as root this works. The following patch (to test49 version of lib/restrict-access.c) works for me, but I'm not going to pretend I understand dovecot's auth framework well enough to know if this is harmless. (Beware cut-n-paste whitespace munching). --- src/lib/restrict-access.c.DIST 2004-09-24 23:04:31.000000000 +1000 +++ src/lib/restrict-access.c 2004-10-18 15:04:36.716002000 +1000 @@ -204,7 +204,7 @@ env = getenv("RESTRICT_GID_FIRST"); if (gid != 0 || (env != NULL && atoi(env) != 0)) { - if (getgid() == 0 || getegid() == 0 || setgid(0) == 0) { + if (getgid() == 0 || getegid() == 0 || (uid != 0 && setgid(0) == 0)) { if (gid == 0) i_fatal("GID 0 isn't permitted"); i_fatal("We couldn't drop root group privileges "