Re: Fatal: setgid from userdb lookup fails with wrong gid
Hi,
Not sure if this is it, but I used to have the same error when I started with dovecot.
Aki's response was the following (and solved my problem).
Hi!
You can't set
service imap { service_count = 256 }
if you are using multiple system UIDs. See https://wiki.dovecot.org/Services#imap.2C_pop3.2C_submission.2C_managesieve
*service_count* can be changed from 1 if only a single UID is used for mail users. This improves performance, but it's less secure, because bugs in code may leak email data from another user's earlier connection.
Aki
Regards, Jeroen
Hello all,
I'm quite new as well to Dovecot, just installed it on a FreeBSD system with Postfix and Rspamd as side apps. Things are running semi-smoothly for all users but I do have quite a few errors in the logs :
Oct 13 19:43:56 apollo dovecot[24478]: imap(user1)<34412><zIeI9ZCxXDmsFhZG>: Fatal: setgid(1030(user1) from userdb lookup) failed with euid=1022(user4), gid=1022(user4), egid=1022(user4): Operation not permitted (This binary should probably be called with process group set to 1030(user1) instead of 1022(user4))
Oct 13 19:43:59 apollo dovecot[24478]: imap(user1)<37376><pPS79ZCx+kasFhZG>: Fatal: setgid(1030(user1) from userdb lookup) failed with euid=1124(user3), gid=1124(user3), egid=1124(user3): Operation not permitted (This binary should probably be called with process group set to 1030(user1) instead of 1124(user3))
Oct 13 19:46:45 apollo dovecot[24478]: imap(user2)<38858><3hOk/5CxVO1dBDTq>: Fatal: setgid(1136(user2) from userdb lookup) failed with euid=1038(user5), gid=1038(user5), egid=1038(user5): Operation not permitted (This binary should probably be called with process group set to 1136(user2) instead of 1038(user5))
Oct 13 19:48:55 apollo dovecot[24478]: imap(user3)<40607><jQtWB5GxHuwKAkQ2>: Fatal: setgid(1124(user3) from userdb lookup) failed with euid=1022(user4), gid=1022(user4), egid=1022(user4): Operation not permitted (This binary should probably be called with process group set to 1124(user3) instead of 1022(user4))
There seems to be confusion. The logs are trying to be helpful but I can't quite process it. Could someone point me in the right direction ?
system is used by about 60 users.
Thanks,
j.
--
doveconf -n
# 2.3.11.3 (502c39af9): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.11 (d71e0372)
# OS: FreeBSD 12.1-RELEASE-p10 amd64
# Hostname: apollo.domain1.tld
auth_mechanisms = plain login cram-md5
auth_username_format = %Ln
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  type = private
}
passdb {
  args = scheme=cram-md5 /usr/local/etc/dovecot/cram-md5.pwd
  driver = passwd-file
}
plugin {
  imapsieve_mailbox1_before = file:/var/vmail/sieve/global/learn-spam.sieve
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox2_before = file:/var/vmail/sieve/global/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_name = *
  quota = maildir:User quota
  quota_exceeded_message = Benutzer %u hat das Speichervolumen überschritten. / User %u has exhausted allowed storage space.
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_before = /var/vmail/sieve/global/spam-global.sieve
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/local/bin
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
postmaster_address = postmaster@apollo.domain1.tld
protocols = imap lmtp sieve
service auth {
  client_limit = 3000
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service imap-login {
  service_count = 0
}
service imap {
  process_min_avail = 4
  service_count = 512
  vsz_limit = 1 G
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
  vsz_limit = 1 G
}
ssl_cert = </usr/local/etc/letsencrypt/live/apollo.domain1.tld/fullchain.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
syslog_facility = local5
userdb {
  driver = passwd
}
protocol lda {
  mail_plugins = sieve
}
protocol lmtp {
  mail_plugins = quota sieve
  postmaster_address = postmaster@domain1.tld
}
protocol imap {
  mail_max_userip_connections = 100
  mail_plugins = " quota imap_quota imap_sieve"
}
local_name imap.domain2.tld {
  ssl_cert = </usr/local/etc/letsencrypt/live/mail.domain2.tld/fullchain.pem
  ssl_key = # hidden, use -P to show it
}
local_name mail.domain2.tld {
  ssl_cert = </usr/local/etc/letsencrypt/live/mail.domain2.tld/fullchain.pem
  ssl_key = # hidden, use -P to show it
}
On 14/10/2020 09:11, J. de Meijer wrote:
Hi,
Not sure if this is it, but I used to have the same error when I started with dovecot.
Aki's response was the following (and solved my problem).
Hi!
You can't set
service imap { service_count = 256 }
if you are using multiple system UIDs. See https://wiki.dovecot.org/Services#imap.2C_pop3.2C_submission.2C_managesieve
*service_count* can be changed from 1 if only a single UID is used for
Hi Jeroen, thanks ! That did the trick. Back to service_count = 1 and errors stopped.
Best regards,
j.
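An added example, not part of the thread and not Dovecot's own code: a Python check that reads `doveconf -n` text and flags post-login mail services whose service_count is not 1, and that pairs each failed setgid log entry with the user whose earlier session left the process under its UID. It assumes one setting per line as `doveconf -n` prints them and a setup with one system UID per mail user; the function names and sample strings are made up for illustration.

```python
import re

# Post-login services from the wiki section linked in the thread.
MAIL_SERVICES = {"imap", "pop3", "submission", "managesieve"}
SETGID_RE = re.compile(
    r"(\w+)\(([^)]+)\)<\d+><[^>]+>: Fatal: setgid\(\d+\(([^)]+)\) from userdb "
    r"lookup\) failed with euid=\d+\(([^)]+)\)")

def risky_services(doveconf_text):
    """Return {service: service_count} for mail services that reuse processes."""
    stack, counts = [], {}
    for raw in doveconf_text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering a block
        elif line == "}" and stack:
            stack.pop()                          # leaving a block
        elif len(stack) == 1 and stack[0].startswith("service "):
            key, _, value = line.partition("=")
            if key.strip() == "service_count":   # direct child of the service block
                counts[stack[0].split()[1]] = int(value)
    # imap-login is a login service, so its service_count = 0 is not flagged.
    return {s: n for s, n in counts.items() if s in MAIL_SERVICES and n != 1}

def reuse_conflicts(log_text):
    """Return (service, session_user, previous_owner) per failed setgid."""
    return [(m[1], m[2], m[4]) for m in SETGID_RE.finditer(log_text)
            if m[3] != m[4]]

# Constructed fragment mirroring the service blocks in the posted doveconf -n.
SAMPLE_CONF = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service imap-login {
  service_count = 0
}
service imap {
  service_count = 512
}
"""
# Two entries shortened from the log excerpt in the thread.
SAMPLE_LOG = (
    "dovecot[24478]: imap(user1)<34412><zIeI9ZCxXDmsFhZG>: Fatal: setgid(1030(user1) "
    "from userdb lookup) failed with euid=1022(user4), gid=1022(user4)\n"
    "dovecot[24478]: imap(user2)<38858><3hOk/5CxVO1dBDTq>: Fatal: setgid(1136(user2) "
    "from userdb lookup) failed with euid=1038(user5), gid=1038(user5)\n")

print(risky_services(SAMPLE_CONF), reuse_conflicts(SAMPLE_LOG))
```

Each tuple from `reuse_conflicts` names a session that landed in a process still running as another user, which is the reuse the quoted wiki text warns about.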
participants (2): J. de Meijer, Julien Beauviala