Andrey Panin wrote: > On 349, 12 14, 2008 at 08:03:25AM +0200, Timo Sirainen wrote: >> On Fri, 2008-11-21 at 15:30 +0300, Andrey Panin wrote: >>> Hello all, >>> >>> this patch allows master process to drop more root priveleges under >>> Solaris. My limited testing shows that code works, but I'm not sure >>> that defined privilege set is permissive enough for dovecot. >>> >>> Unfortunately I have no root access to our Solaris servers to really >>> test it. So if someone is ready to test this patch please do it :) >> Since no-one's offered to test perhaps I'll just put this into v1.2 and >> see if anyone complains? :) > > I have no objections for this plan :)
Sorry I missed this when first announced (wasn't paying attention I guess). I've applied the patch to Dovecot 1.1.7 (with minor change to configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0) failed: Not owner dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing it dropped too many privileges. We actually run our live Dovecot on a Solaris 8 box, but Solaris 8 doesn't support setppriv, I think. Best Wishes, Chris -- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wake...@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
