On Sun, Oct 28, 2007 at 03:57:22PM +0200, Timo Sirainen wrote:
On Sun, 2007-10-28 at 09:25 -0400, Adam McDougall wrote:
userdb passwd { args = system_user= }
This works only with v1.1. v1.0 just ignores it.
Hmm. I might be able to get by without this.
Looks like it overrides the system_user with empty value and Dovecot ends up calling initgroups(""). I'm not sure what that does, if anything. This fixes it: http://hg.dovecot.org/dovecot/rev/7f2501b3e993
Upon some further testing, this patch doesn't seem to do anything, because for some reason 1.1 allows me to login when I am in too many groups, but 1.0 fails (this is where I saw the errors), and both versions seem to act the same with or without the patch. When I use mail_executable to run a shell script to report group membership, on both servers I still see the full list when using system_user= and mail_extra_groups but I don't see the group I set in mail_extra_groups. I'm not sure what to think, is there a good place to stick in some debugging?
Have you set mail_drop_priv_before_exec=yes? If not, it should still be running as root in your mail_executable. If it's "no", I'm not really sure..
I have not changed it ever, dovecot -n does not report it.
auth_debug=yes at least shows what auth process sends to master. It should show empty system_user.