We couldn't drop root group privileges
Hello. I have
- dovecot 2.3.21 (also tried 2.3.5)
- postfix 3.8.5 (also tried 3.8.4)
It's a new setup where I use postfix + dovecot-delivery for delivery to a local mailbox. In the logs I have an error and mail is deferred in the queue:
dovecot: [ID 702911 mail.crit] lda(poli@domain.com)<7808>: Fatal: We couldn't drop root group privileges (wanted=6(mail), gid=0(root), egid=0(root))
Postfix and dovecot start from root UID, but the dovecot/postfix users have the corresponding groups to run as a specific group:
root@solaris:# id -a dovecot
uid=110(dovecot) gid=110(dovecot) groups=110(dovecot),6(mail)
root@solaris:# id -a postfix
uid=26(postfix) gid=26(postfix) groups=26(postfix),6(mail)
root@solaris:# id -a root
uid=0(root) gid=0(root) groups=0(root),1(other),2(bin),3(sys),4(adm),6(mail),7(tty),8(lp),12(daemon)
Also, when I run dtrace (a system call tracing mechanism), I see that dovecot-lda runs as group "mail" (gid=6), so there isn't any problem, but dovecot thinks otherwise:
UID GID PID PPID ARGS
0 26 7719 7638 pipe -n dovecot -t unix flags=DRhu user=nobody:mail argv=/usr/libexec/dovecot/d
60001 6 7720 7718 /usr/libexec/dovecot/dovecot-lda -f mega@domain.com -d poli@domain.com
60001 6 7720 7718 /usr/bin/amd64/doveconf -f service=lda -c /etc/dovecot/dovecot.conf -m lda -e /
60001 6 7720 7718 /usr/libexec/dovecot/dovecot-lda -f mega@domain.com -d poli@domain.com
What exactly does dovecot want, and how do I solve this error?
Here is the part of the "dovecot -n" output that corresponds to user/group/lda:
# 2.3.5.1 (7ec6d0ade): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.6 (92dc263a)
# OS: SunOS 5.11 i86pc
# Hostname: solaris
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_process_limit = 99
disable_plaintext_auth = no
first_valid_gid = 6
first_valid_uid = 60001
last_valid_gid = 6
last_valid_uid = 60001
mail_access_groups = mail
mail_debug = yes
mail_gid = 6
mail_location = /var/mail/vmail/%u@%d
mail_max_userip_connections = 99
mail_privileged_group = mail
mail_uid = 60001
maildir_very_dirty_syncs = yes
...
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
...
protocol lda {
  mail_plugins = " sieve"
  postmaster_address = postmaster
}
PS. Also, I have another box with a very old setup (dovecot 2.2.27), and it works with the same configuration without any errors. I thought that this was an OS-specific problem and tried running dovecot 2.3.21 on the same OS version, but still had errors.
Hello. It's a postfix + Solaris related problem. Postfix needs ALL privileges when started as a service.
participants (1)
- forumforeign