[Dovecot] ACLs, imap and launchd

Axel Luttgens AxelLuttgens at swing.be
Sun Jun 28 13:44:52 EEST 2009


Le 28 juin 09 à 03:54, Timo Sirainen a écrit :

> On Fri, 2009-06-26 at 10:33 +0200, Axel Luttgens wrote:
>> Wouldn't it be possible, for example, to consider using a system user
>> such as "nobody" (unless I'm wrong, it should be defined on any unix
>> flavor)?
>
> I guess. Done: http://hg.dovecot.org/dovecot-1.2/rev/2db158dd88be

Wow! Thank you, Timo.

So, I tried the patch but unfortunately got this in system.log:

	org.dovecot[41675]: Error: User dump-capability is missing GID (see  
mail_gid setting)
	org.dovecot[41675]: Fatal: Invalid configuration in /usr/local/etc/ 
dovecot.conf
	com.apple.launchd[1] (org.dovecot[41675]): Exited with exit code: 89
	com.apple.launchd[1] (org.dovecot): Throttling respawn: Will start in  
10 seconds
	... and so on ...

Seems to be related to the checks in create_mail_process(), where it  
is relied on a value of -1 as an indicator for "unset".
Now, on OSX, user "nobody" has 4294967294/4294967294 for uid/gid, or  
-2/-2; on the other hand, group "nogroup" has a gid equal to  
4294967295, or... -1.

Defining some value for mail_gid in dovectot.conf, even if otherwise  
not needed, makes above problem disappear.

But again, this is somewhat artificial (the same way I had to create a  
system user with an uid/gid set to 65534/65534).

I thus tried this variant:

	} else {
		/* try to use some existing user. at least osx launchd
			doesn't like non-existing users. */
		struct passwd *pw;

		/* written that way, this could be extended to some other
			candidate system users (e.g. daemon?) */
		if ( ((pw = getpwnam("nobody")) != NULL)
				&& (pw->pw_uid != (uid_t)-1) && (pw->pw_gid != (gid_t)-1) )
		{
			args[0] = t_strdup_printf("uid=%s", dec2str(pw->pw_uid));
			args[1] = t_strdup_printf("gid=%s", dec2str(pw->pw_gid));
		}
  	}

and dovecot now launched without complaining, even with an unset  
mail_gid.

Of course, this "solves" the problem in the precise case of OSX; but  
should be OK with, for example, Redhat or Solaris as well.


Sincerely,
Axel


More information about the dovecot mailing list