[Dovecot] imap can't reconnect to auth-master after setuid
With service imap { client_limit = 5, service_count = 0 }, when the auth process crashes the existing imap processes cannot reconnect to the auth-master socket because they have long ago dropped root privileges. Is the right solution to this: (1) change the perms on the auth-master socket so processes running as vmail:vmail can connect to it, or (2) change the code so that multi-client imap processes stop accepting new clients when they notice an auth bounce?
If (1), the wiki should be updated to mention this.
Thanks.
On 27.10.2010, at 22.25, Mike Abbott wrote:
With service imap { client_limit = 5, service_count = 0 },
This still isn't all that recommended, since one connection can hang other connections in same process.
when the auth process crashes
Which of course shouldn't happen :)
the existing imap processes cannot reconnect to the auth-master socket because they have long ago dropped root privileges. Is the right solution to this: (1) change the perms on the auth-master socket so processes running as vmail:vmail can connect to it, or (2) change the code so that multi-client imap processes stop accepting new clients when they notice an auth bounce?
Hmm. I'd prefer (2). I'll see about implementing it next week (I'm traveling this week).
participants (2)
-
Mike Abbott
-
Timo Sirainen