Proxy testing in container( chown failed /var/dovecot/login)
I am testing a bit with the proxy, and trying to run dovecot as a normal user. (with cap bind_service). I was wondering what the minimum configuration is for running like a proxy.
I am now getting issues like unable to chown on /var/dovecot/login, but I do not need this in such a setup do I?
passdb { driver = static args = proxy=y host=192.168.11.10 nopassword=y }
You should probably disable chrooting for login services if you are running as non-root...
service imap-login {
chroot =
}
Aki
On 11.11.2019 14.59, Marc Roos via dovecot wrote:
I am testing a bit with the proxy, and trying to run dovecot as a normal user. (with cap bind_service). I was wondering what the minimum configuration is for running like a proxy.
I am now getting issues like unable to chown on /var/dovecot/login, but I do not need this in such a setup do I?
passdb { driver = static args = proxy=y host=192.168.11.10 nopassword=y }
I added this to the 10-master imap-login, pop3-login and submission-login, but keep this message
Doveconf still lists imap-urlauth-login with chroot = token-login, also when changing this one to chroot = the error persists.
Fatal: fchown() failed for /var/dovecot/login: Operation not permitted
-----Original Message----- Subject: Re: Proxy testing in container( chown failed /var/dovecot/login)
You should probably disable chrooting for login services if you are running as non-root...
service imap-login {
chroot =
}
Aki
On 11.11.2019 14.59, Marc Roos via dovecot wrote:
I am testing a bit with the proxy, and trying to run dovecot as a normal user. (with cap bind_service). I was wondering what the minimum
configuration is for running like a proxy.
I am now getting issues like unable to chown on /var/dovecot/login, but I do not need this in such a setup do I?
passdb { driver = static args = proxy=y host=192.168.11.10 nopassword=y }
I managed to work around this by putting these in the Dockerfile
(umask 027 ; mkdir /var/dovecot/login) && chown $DOVECOT_USER.dovenull /var/dovecot/login (umask 027 ; mkdir /var/dovecot/token-login) && chown $DOVECOT_USER.dovenull /var/dovecot/token-login
But now I am stuck with this socket service(ipc): chown(/var/dovecot/login/ipc-proxy,
Is there a way around this?
-----Original Message----- Subject: RE: Proxy testing in container( chown failed /var/dovecot/login)
I added this to the 10-master imap-login, pop3-login and submission-login, but keep this message
Doveconf still lists imap-urlauth-login with chroot = token-login, also when changing this one to chroot = the error persists.
Fatal: fchown() failed for /var/dovecot/login: Operation not permitted
-----Original Message----- Subject: Re: Proxy testing in container( chown failed /var/dovecot/login)
You should probably disable chrooting for login services if you are running as non-root...
service imap-login {
chroot =
}
Aki
On 11.11.2019 14.59, Marc Roos via dovecot wrote:
I am testing a bit with the proxy, and trying to run dovecot as a normal user. (with cap bind_service). I was wondering what the minimum
configuration is for running like a proxy.
I am now getting issues like unable to chown on /var/dovecot/login, but I do not need this in such a setup do I?
passdb { driver = static args = proxy=y host=192.168.11.10 nopassword=y }
participants (2)
-
Aki Tuomi
-
Marc Roos