[Dovecot] Can't drop root group privileges
Jackie Hunt
jackie at yuma.acns.colostate.edu
Wed Nov 29 17:29:48 UTC 2006
An update on my problem dropping root group privileges. I
discovered this is a problem for a user if they are in the
system group (gid 0). If I remove the user from the system
group, and leave them in their primary group, I don't see
the error.
I've tried setting first_valid_gid to something like 4, hoping
dovecot would filter out gid 0, but that doesn't work.
Still searching for an answer...
Jackie
>
> Hi all,
>
> I need your insight. I've been testing Dovecot on an AIX 5.2
> system. Compiled and running fine. We have some users on an
> AIX 5.1 system, so I'm working on installing it there, so we
> can do further testing.
>
> I'm using Dovecot 1.0 RC15 with OpenSSL 9.0.7e, configured to use
> port 10143 (imap) and 10993 (imaps). The error I'm seeing in the log is:
>
> dovecot: Nov 28 09:23:54 Info: imap-login: Login: user=<jackie>, method=PLAIN, r
> ip=xx.x.xxx.xxx, lip=xxx.xx.xxx.xx, TLS
> dovecot: Nov 28 09:23:54 Error: IMAP(jackie): We couldn't drop root group privil
> eges (wanted=200, gid=200, egid=0)
> dovecot: Nov 28 09:23:54 Error: child 860274 (imap) returned error 89
>
> I've seen this error reported on the list, with the suggested resolution
> being to set the first_valid_gid = 0 in dovecot.conf. I've tried that,
> and nothing changes.
>
> Any help would be greatly appreciated!
>
> Jackie
> ---
> Jackie Hunt
> ACNS Voice: (970) 663-3789
> Colorado State University FAX: (970) 491-1958
> Fort Collins, CO 80523 Email: jackie.hunt at colostate.edu
>
Jackie Hunt
ACNS Voice: (970) 663-3789
Colorado State University FAX: (970) 491-1958
Fort Collins, CO 80523 Email: jackie.hunt at colostate.edu
More information about the dovecot
mailing list