[Dovecot] doveadm -A stops processing at first uid<first_valid_uid
I would like to run various doveadm commands that involves all (mail) users like
doveadm expunge -A mailbox Trash savedbefore 30dbut any doveadm command that uses "-A" to iterate through all users will stop processing at the first account with UID<first_valid_uid.
doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop
privileges: Mail access for users with GID 5551 not permitted
(see first_valid_gid in config file, gid from userdb lookup).
doveadm(sysdaemon): Error: User init failed
doveadm: Error: Failed to iterate through some usersHowever, these accounts are system accounts (locked password, no shell) and are in userdb to provide UID<->name mapping for utilities like ls, chown, etc.
There are various workaround like iterating manually, or setting first_valid_uid to zero, or even reordering users to put all system accounts at the end, but is there a better way to do this?
Joseph Tam <jtam.home@gmail.com>
On 1.3.2012, at 10.44, Joseph Tam wrote:
I would like to run various doveadm commands that involves all (mail) users like
doveadm expunge -A mailbox Trash savedbefore 30d
but any doveadm command that uses "-A" to iterate through all users will stop processing at the first account with UID<first_valid_uid.
doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop privileges: Mail access for users with GID 5551 not permitted (see first_valid_gid in config file, gid from userdb lookup). doveadm(sysdaemon): Error: User init failed doveadm: Error: Failed to iterate through some users
However, these accounts are system accounts (locked password, no shell) and are in userdb to provide UID<->name mapping for utilities like ls, chown, etc.
What userdb are you using? userdb passwd should already skip users that aren't in the valid range. And what Dovecot version are you using?
On 1.3.2012, at 10.44, Joseph Tam wrote:
doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop privileges: Mail access for users with GID 5551 not permitted (see first_valid_gid in config file, gid from userdb lookup).
Oh, it says about first_valid_gid. Is sysdaemon's UID within valid range?
I also added this today: http://hg.dovecot.org/dovecot-2.1/rev/85a8d582d37f
On 1.3.2012, at 10.44, Joseph Tam wrote:
but any doveadm command that uses "-A" to iterate through all users will stop processing at the first account with UID<first_valid_uid.
doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop privileges: Mail access for users with GID 5551 not permitted (see first_valid_gid in config file, gid from userdb lookup). doveadm(sysdaemon): Error: User init failed doveadm: Error: Failed to iterate through some users
And one more thing: Does it really even stop there? Looking at the code it's supposed to log an error and continue to next user. Note that it says "Failed to iterate through SOME users".
participants (2)
-
Joseph Tam
-
Timo Sirainen