[Dovecot] deliver setgid issues

Peter Fern dovecot at obfusc8.org
Thu Mar 16 07:35:53 EET 2006


A non-root process is not allowed to change its privileges.

Brad wrote:

>Okay .. have dovecot set up with following settings :
>
>userdb static {
>      args = uid=97 gid=97 home=/export/dovecot/mail/%d/%u mail=mbox:/export/dovecot/mbox/%d/%u/
>    }
>
>
>passdb passwd-file {
>    # Path for passwd-file
>    args = /etc/dovecot-passdb 
>  }
>
>Passdb works I think in the sense that I can log into dovecot using a
>regular mail client.
>
>The real issue is when I try to deliver any type of mail using
>dovecot-lda (deliver).
>
>deliver is setuid and setgid dovecot .. I even set the static mail dirs
>above to be owned by dovecot (I know .. a no no .. but wanted to trace
>down issue)
>
>I also have
>
>first_valid_uid = 96
>
>and 
>
>first_valid_uid = 96
>
>
>Now .. when I try to do this .. 
>
>
> echo "A Test Message" | /usr/local/libexec/dovecot/deliver -d existinguser
>
>
>I get this ..
>
>master in: USER   1       echo    service=deliver
>dovecot: Mar 11 23:45:24 Info: auth(default): master out: USER  1
>echo    uid=97  gid=97  home=/export/dovecot/mail//echo
>mail=mbox:/export/dovecot/mbox//echo/
>dovecot: Mar 11 23:45:24 Error: auth(default): 
>deliver: Fatal: setgroups(97) failed: Operation not permitted
>
>
>97 is the gid for the dovecot user .. which owns just about everything
>deliver could ever touch.
>
>What am I missing ?
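The failure discussed in this thread, as an added C example (not Dovecot's code and not part of either post): a credential switch calls setgroups(), then setgid(), then setuid(), and setgroups() is refused with EPERM unless the process has effective uid 0 (CAP_SETGID on Linux), which a binary that is setuid to a non-root account does not. The names `drop_privileges`, `drop_step` and `drop_step_name` are hypothetical; 97:97 is the uid/gid from the quoted userdb line.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Which step of the credential switch failed (DROP_OK = none). */
enum drop_step { DROP_OK, DROP_SETGROUPS, DROP_SETGID, DROP_SETUID, DROP_REVERSIBLE };

const char *drop_step_name(enum drop_step s)
{
    static const char *names[] = { "ok", "setgroups", "setgid", "setuid", "root regained" };
    return names[s];
}

/* Switch to (uid, gid): supplementary groups first, then gid, then uid.
 * setgroups() needs euid 0 (CAP_SETGID on Linux), so a binary that is
 * setuid to a non-root account stops at the first step with EPERM. */
enum drop_step drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(1, &gid) != 0)
        return DROP_SETGROUPS;
    if (setgid(gid) != 0)
        return DROP_SETGID;
    if (setuid(uid) != 0)
        return DROP_SETUID;
    /* After a real drop, asking for root back must fail. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_REVERSIBLE;
    return DROP_OK;
}

int main(void)
{
    /* 97:97 are the uid/gid from the userdb line quoted in the post. */
    enum drop_step s = drop_privileges(97, 97);
    if (s == DROP_REVERSIBLE) {
        fprintf(stderr, "drop to 97:97 did not stick: root could be regained\n");
        return 1;
    }
    if (s != DROP_OK) {
        fprintf(stderr, "%s failed: %s (euid=%ld)\n",
                drop_step_name(s), strerror(errno), (long)geteuid());
        return 1;
    }
    printf("now running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Run as an ordinary user, this stops at the setgroups step with "Operation not permitted", the same error deliver logs above; started as root, it completes the switch to 97:97.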

