[Dovecot] localhost deliver(root@vlocalhost): setgid(5001) failed with euid=8, gid=8, egid=8: Operation not permitted
How can I give lda dovecot permission to set user and group id to 5001?
dovecot unix - n n - - pipe
  flags=DRhu user=mail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
Install it setuid root as described here http://wiki.dovecot.org/LDA.
Alexander
But deliver is already root?
And master is set as
master {
  path = /var/run/dovecot/auth-master
  mode = 0600
  user = mail
  group = mail
}
root@localhost:~# ls -al /usr/lib/dovecot/deliver
-rwxr-xr-x 1 root root 563112 2008-03-31 21:05 /usr/lib/dovecot/deliver
root@localhost:~#
I am sorry, I don't understand what I need to do?
On Sat, Apr 12, 2008 at 4:03 PM, Alexander Prinsier <dovecot@aphexer.mailhaven.com> wrote:
Install it setuid root as described here http://wiki.dovecot.org/LDA.
Alexander
I meant _setuid_ root, not owner root. You'd better look up what this means on Google before doing it.
Reread the instructions on http://wiki.dovecot.org/LDA (section Multiple UIDs). Set the group of the directory deliver is in to the same user that postfix will use to run deliver. (You appear to be using 'mail').
See the manual page of chmod to know how to set a program setuid root.
Alexander
Ah, thank you :) Now I learned something really important today
chmod u+s /usr/lib/dovecot/deliver
root@localhost:~# ls -al /usr/lib/dovecot/deliver
-rwsr-xr-x 1 root root 563112 2008-03-31 21:05 /usr/lib/dovecot/deliver
root@localhost:~#
I think I am almost there but now I get
Apr 12 19:01:40 localhost deliver(root@vlocalhost): postmaster_address setting not given
You realize that this way anyone can send email to any mailbox directly by invoking deliver? The instructions told you to make a subdirectory, and only give access to that subdirectory to users that need to be able to deliver to any user. Then place a copy of deliver with setuid root in that subdirectory.
You probably forgot to set postmaster_address in the lda section of dovecot.conf.
Alexander
Victory !!!
Apr 12 19:50:51 localhost deliver(root@vlocalhost): msgid=<20080412175051.67AD1490087@localhost.localdomain>: saved mail to INBOX
Now the security part, I was thinking that this would work also
root@localhost:~# ls -al /usr/lib/dovecot/deliver
-rws------ 1 mail mail 563112 2008-03-31 21:05 /usr/lib/dovecot/deliver
root@localhost:~#
but it doesn't, changing it to user postfix also doesn't work?
Ah, I know why I misunderstood the set uid bit, I thought the owner would gain root permission, sorry :)
On 12.04.2008 20:07, Gert Cuykens wrote:
[…] Now the security part, I was thinking that this would work also
root@localhost:~# ls -al /usr/lib/dovecot/deliver
-rws------ 1 mail mail 563112 2008-03-31 21:05 /usr/lib/dovecot/deliver
root@localhost:~#
but it doesn't, changing it to user postfix also doesn't work?
OK, step by step.
1. chown 0.0 /usr/lib/dovecot/deliver
2. chmod 755 /usr/lib/dovecot/deliver
3. find out the user from postfix's master.cf
   (... flags=DRhu user=nobody:mail argv=/usr/.../deliver)
                        ^^^^^^
   NOT: root, dovecot or postfix!
4. mkdir /usr/local/lib/dovecot
5. chmod 700 /usr/local/lib/dovecot
6. chown nobody /usr/local/lib/dovecot
7. cp -p /usr/lib/dovecot/deliver /usr/local/lib/dovecot
8. chmod u+s /usr/local/lib/dovecot/deliver
9. apply the path from 8. to argv from service dovecot in postfix's master.cf
10. restart postfix and enjoy
HTH Pascal
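A check for the layout these steps produce, added here as an example and not part of the original thread. The function name and its arguments are illustrative, and it assumes GNU coreutils `stat -c`.

```shell
#!/bin/sh
# check_wrapper_dir DIR PIPE_USER [BIN_OWNER] [STOCK_BIN]   (illustrative name)
#   DIR        private directory holding the setuid copy of deliver
#   PIPE_USER  user= value of the dovecot service in Postfix's master.cf
#   BIN_OWNER  expected owner of the setuid copy (default: root)
#   STOCK_BIN  packaged, world-executable binary that must NOT be setuid
# Prints one line per problem; returns 0 only if nothing was found.
check_wrapper_dir() {
    dir=$1 pipe_user=$2 bin_owner=${3:-root} stock=${4:-}
    bin=$dir/deliver
    bad=0

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi

    # chmod 700 + chown <pipe user>: nobody else may reach the setuid copy.
    dir_mode=$(stat -c %a "$dir")
    dir_owner=$(stat -c %U "$dir")
    [ "$dir_mode" = 700 ] || { echo "FAIL: $dir mode is $dir_mode, expected 700"; bad=1; }
    [ "$dir_owner" = "$pipe_user" ] || { echo "FAIL: $dir owned by $dir_owner, expected $pipe_user"; bad=1; }

    # cp -p + chmod u+s: the copy keeps its owner and carries the setuid bit.
    if [ ! -f "$bin" ]; then
        echo "FAIL: $bin is missing"
        bad=1
    else
        [ -u "$bin" ] || { echo "FAIL: $bin is not setuid"; bad=1; }
        owner=$(stat -c %U "$bin")
        [ "$owner" = "$bin_owner" ] || { echo "FAIL: $bin owned by $owner, expected $bin_owner"; bad=1; }
    fi

    # chmod 755 on the stock binary: a setuid bit here lets any local user
    # invoke deliver with root privileges, the situation the thread warns about.
    if [ -n "$stock" ] && [ -u "$stock" ]; then
        echo "FAIL: $stock is setuid and executable outside the private directory"
        bad=1
    fi
    return "$bad"
}

# Example call with the paths used in this thread:
#   check_wrapper_dir /usr/local/lib/dovecot nobody root /usr/lib/dovecot/deliver
```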
On Sat, Apr 12, 2008 at 8:25 PM, Pascal Volk <user+dovecot@localhost.localdomain.org> wrote:
OK, step by step.
1. chown 0.0 /usr/lib/dovecot/deliver
2. chmod 755 /usr/lib/dovecot/deliver
3. find out the user from postfix's master.cf
   (... flags=DRhu user=nobody:mail argv=/usr/.../deliver)
                        ^^^^^^
   NOT: root, dovecot or postfix!
4. mkdir /usr/local/lib/dovecot
5. chmod 700 /usr/local/lib/dovecot
6. chown nobody /usr/local/lib/dovecot
7. cp -p /usr/lib/dovecot/deliver /usr/local/lib/dovecot
8. chmod u+s /usr/local/lib/dovecot/deliver
9. apply the path from 8. to argv from service dovecot in postfix's master.cf
10. restart postfix and enjoy
ok that works thanks :)
Participants (3): Alexander Prinsier, Gert Cuykens, Pascal Volk