dying on osx

James Brown jlbrown at bordo.com.au
Tue Sep 4 08:23:38 EEST 2018 

Mike, I’m having the exact same issue on macOS X 10.13.6 (High Sierra). I’ve installed Dovecot using Homebrew.

The number after ‘Setgroups’ is the Group ID of the user you’ve specified. 

Log entry for me:

Aug 28 11:57:21 imap-login: Info: Login: user=<user1 at bordo.com.au <mailto:user1 at bordo.com.au>>, method=PLAIN, rip=::1, lip=::1, mpid=57665, secured, session=<V7GIJ3V0//MAAAAAAAAAAAAAAAAAAAAB>
Aug 28 11:57:21 imap(user1)<57665><V7GIJ3V0//MAAAAAAAAAAAAAAAAAAAAB>: Fatal: setgroups(mail,6) failed: Too many extra groups
Aug 28 12:00:45 master: Warning: Killed with signal 15 (by pid=71449 uid=0 code=unknown 0)

I managed to get it to work my changing default_login_user and default_internal_user to me my username.

Obviously not ideal!

However it was the only way I could get it not to give the setgroups error.

I spent ages trying with _dovecot and _dovenull to no avail.

id _dovecot
uid=214(_dovecot) gid=6(mail) groups=6(mail), … and a few more

id _dovenull
uid=227(_dovenull) gid=227(_dovenull) groups=227(_dovenull),12(everyone),61(localaccounts),703(com.apple.sharepoint.group.3),702(com.apple.sharepoint.group.2),701(com.apple.sharepoint.group.1),100(_lpoperator)

Dovecot 2.3.2.1.

Thanks,

James.

> On 11 Aug 2018, at 5:08 am, Mike Makuch <1mikemakuch at gmail.com <mailto:1mikemakuch at gmail.com>> wrote:
> 
> I found and tried this work around on the man page: https://www.unix.com/man-page/all/5/ngroups_max/ <https://www.unix.com/man-page/all/5/ngroups_max/> but I still get the same "Too many extra groups" error even when I start dovecot with the above program to limit the # of groups. I suspect that dovecot is adding a number of groups when it starts up.
> 
> I've hacked a work around to get it working for me on my laptop:
> 
> diff --git a/src/lib/restrict-access.c b/src/lib/restrict-access.c
> 
> @@ -224,7 +224,12 @@ static void fix_groups_list(const struct restrict_access_settings *set,
>  
> -    if (setgroups(gid_count, gid_list) < 0) {
> 
> +    if (setgroups(gid_count > NGROUPS_MAX ? 16 : gid_count, gid_list) < 0) {
>          if (errno == EINVAL) {
>              i_fatal("setgroups(%s) failed: Too many extra groups",
>                  set->extra_groups == NULL ? "" :
> 
> and this works.
> I'm not sure what the right solution is for a PR. Any suggestions?
> 
> Thanks
> 
> Mike
> 
> 
> 
> On 8/10/18 11:04, Aki Tuomi wrote:
>> Is the user member of mail group?
>> 
>> 
>> 
>> ---
>> Aki Tuomi
>> Dovecot oy
>> 
>> -------- Original message --------
>> From: Mike Makuch <1mikemakuch at gmail.com> <mailto:1mikemakuch at gmail.com>
>> Date: 10/08/2018 19:02 (GMT+02:00)
>> To: Aki Tuomi <aki.tuomi at dovecot.fi> <mailto:aki.tuomi at dovecot.fi>
>> Cc: dovecot at dovecot.org <mailto:dovecot at dovecot.org>
>> Subject: Re: dying on osx
>> 
>> Maybe an old problem that has resurfaced???
>> 
>> https://bugzilla.samba.org/show_bug.cgi?id=8773 <https://bugzilla.samba.org/show_bug.cgi?id=8773>
>> Mike
>> 
>> 
>> 
>> On 8/10/18 10:54, Aki Tuomi wrote:
>>> I have to see if this is reproducible outside mac. 
>>> 
>>> 
>>> 
>>> ---
>>> Aki Tuomi
>>> Dovecot oy
>>> 
>>> -------- Original message --------
>>> From: Mike Makuch <1mikemakuch at gmail.com> <mailto:1mikemakuch at gmail.com>
>>> Date: 10/08/2018 18:46 (GMT+02:00)
>>> To: Aki Tuomi <aki.tuomi at dovecot.fi> <mailto:aki.tuomi at dovecot.fi>
>>> Subject: Re: dying on osx
>>> 
>>> I did find that page and tried a few things there. My config has all of 
>>> the settings there except 3:
>>> 
>>> mail_access_groups = mail
>>> mbox_read_locks = fcntl
>>> mbox_write_locks = fcntl
>>> 
>>> I add them to my config, restart and get the same abort
>>> 
>>> 20180810-103849 imap(mkm)<79213><MkA5ihZzmdh/AAAB>: Fatal: 
>>> setgroups(mail,505) failed: Too many extra groups
>>> 
>>> I've tried numerous other settings as well.
>>> 
>>> Thanks for any further advice
>>> 
>>> Mike
>>> 
>>> 
>>> On 8/10/18 08:45, Aki Tuomi wrote:
>>> > Can you try this config and report back?
>>> >
>>> > https://superuser.com/questions/957272/dotlock-permissions-problems-with-dovecot-and-os-x-10-10-3 <https://superuser.com/questions/957272/dotlock-permissions-problems-with-dovecot-and-os-x-10-10-3>
>>> >
>>> > Aki
>>> >
>>> >> On 10 August 2018 at 16:39 Mike Makuch <1mikemakuch at gmail.com> <mailto:1mikemakuch at gmail.com> wrote:
>>> >>
>>> >>
>>> >> OSX 10.13.6 High Sierra, dovecot 2.3.2.1
>>> >>
>>> >> dovecot starts up and runs but dies as soon as my mail client makes a
>>> >> request with log and config below.
>>> >>
>>> >> And advice appreciated.
>>> >>
>>> >> Thanks
>>> >>
>>> >> Mike
>>> >>
>>> >>
>>> >>
>>> >> 20180810-083730 auth: Debug: auth client connected (pid=77432)
>>> >>
>>> >> 20180810-083730 auth: Debug: client in: AUTH    1    PLAIN
>>> >> service=imap    secured    session=xo1p2BRzZNd/AAAB lip=127.0.0.1
>>> >> rip=127.0.0.1    lport=143    rport=55140
>>> >> 20180810-083730 auth: Debug: client passdb out: CONT    1
>>> >> 20180810-083730 auth: Debug: client in: CONT    1 AG1rbQBta20xMjM=
>>> >> (previous base64 data may contain sensitive data)
>>> >> 20180810-083730 auth: Debug: static(mkm,127.0.0.1,<xo1p2BRzZNd/AAAB>):
>>> >> lookup
>>> >> 20180810-083730 auth: Debug: client passdb out: OK    1 user=mkm
>>> >> host=localhost    nopasswd=y
>>> >> 20180810-083730 auth: Debug: master in: REQUEST    4201906177 77432
>>> >> 1    b8126b4b71be2959fc7716888eccc566 session_pid=77433
>>> >> request_auth_token
>>> >> 20180810-083730 auth-worker(77426): Debug:
>>> >> passwd(mkm,127.0.0.1,<xo1p2BRzZNd/AAAB>): lookup
>>> >> 20180810-083730 auth: Debug: master userdb out: USER 4201906177
>>> >> mkm    system_groups_user=mkm    uid=503 gid=20    home=/Users/mkm
>>> >> auth_token=4d2bb44168df3d63e4e1bb352e59de632bc7da49
>>> >> 20180810-083730 imap-login: Info: Login: user=<mkm>, method=PLAIN,
>>> >> rip=127.0.0.1, lip=127.0.0.1, mpid=77433, secured,
>>> >> session=<xo1p2BRzZNd/AAAB>
>>> >> 20180810-083730 imap(mkm)<77433><xo1p2BRzZNd/AAAB>: Fatal:
>>> >> setgroups(505) failed: Too many extra groups
>>> >>
>>> >> # doveconf -n
>>> >> # 2.3.2.1 (0719df592): /usr/local/etc/dovecot/dovecot.conf
>>> >> # OS: Darwin 17.7.0 x86_64
>>> >> # Hostname: pine
>>> >> auth_debug = yes
>>> >> auth_debug_passwords = yes
>>> >> default_internal_user = _dovecot
>>> >> default_login_user = _dovenull
>>> >> disable_plaintext_auth = no
>>> >> listen = 127.0.0.1
>>> >> log_path = /var/log/dovecot
>>> >> log_timestamp = "%Y%m%d-%H%M%S "
>>> >> mail_debug = yes
>>> >> mail_gid = staff
>>> >> mail_location = mbox:~/Mail:INBOX=/var/mail/%u
>>> >> mail_privileged_group = mail
>>> >> mail_uid = _dovecot
>>> >> passdb {
>>> >>     args = password=*** host=localhost nopasswd=y
>>> >>     driver = static
>>> >> }
>>> >> passdb {
>>> >>     args = login
>>> >>     driver = pam
>>> >> }
>>> >> protocols = imap
>>> >> service auth {
>>> >>     user = root
>>> >> }
>>> >> service imap-login {
>>> >>     inet_listener imap {
>>> >>       address = *
>>> >>       port = 143
>>> >>     }
>>> >> }
>>> >> ssl = no
>>> >> userdb {
>>> >>     driver = passwd
>>> >> }
>>> >>
>>> >>
>>> 
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20180904/1d3b1e41/attachment-0001.html>

More information about the dovecot mailing list