On 353, 12 18, 2008 at 12:50:11PM +0000, Chris Wakelin wrote: > Andrey Panin wrote: > > On 349, 12 14, 2008 at 08:03:25AM +0200, Timo Sirainen wrote: > >> On Fri, 2008-11-21 at 15:30 +0300, Andrey Panin wrote: > >>> Hello all, > >>> > >>> this patch allows master process to drop more root priveleges under > >>> Solaris. My limited testing shows that code works, but I'm not sure > >>> that defined privilege set is permissive enough for dovecot. > >>> > >>> Unfortunately I have no root access to our Solaris servers to really > >>> test it. So if someone is ready to test this patch please do it :) > >> Since no-one's offered to test perhaps I'll just put this into v1.2 and > >> see if anyone complains? :) > > > > I have no objections for this plan :) > > Sorry I missed this when first announced (wasn't paying attention I guess). > > I've applied the patch to Dovecot 1.1.7 (with minor change to > configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup > > dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up > dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0) > failed: Not owner > dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down > > The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing > it dropped too many privileges.
Can you try running "ppriv -D dovecot" to determine which privilege is missing ? > We actually run our live Dovecot on a Solaris 8 box, but Solaris 8 > doesn't support setppriv, I think.
