Re: Can’t authenticate any users after upgrade.

Helmut K. C. Tessarek tessarek at evermeet.cx
Fri Apr 6 05:02:26 EEST 2018


On 2018-04-05 02:34, B. Reino wrote:
> This way the fix survives any updates and you don't have to mess with
> package-provided files.

You'd also have to add the following:

CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL
CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT
CAP_SYS_RESOURCE CAP_AUDIT_WRITE

It won't work without CAP_AUDIT_WRITE, even, if NoNewPrivileges is set
to false, at least not on my server.

But as I've mentioned this _could_ be counterproductive if in the future
the systemd file that comes with dovecot is changed and you forget to
delete /etc/systemd/system/dovecot.service.d/NoNewPrivileges.conf again.


-- 
regards Helmut K. C. Tessarek              KeyID 0x172380A011EF4944
Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944

/*
   Thou shalt not follow the NULL pointer for chaos and madness
   await thee at its end.
*/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180405/074110d2/attachment.sig>


More information about the dovecot mailing list