Re: [Dovecot] doveadm -A stops processing at first uid

Mon, 05 Mar 2012 18:02:22 -0800 

On Sun, 4 Mar 2012, Timo Sirainen writes:


> I would like to run various doveadm commands that involves all (mail) users 
like
> > doveadm expunge -A mailbox Trash savedbefore 30d > > but any doveadm command that uses "-A" to iterate through all users will 
> stop processing at the first account with UID<first_valid_uid.

What userdb are you using? userdb passwd should already skip users that
aren't in the valid range. And what Dovecot version are you using?


passwd-file under dovecot 2.0.16.


And one more thing: Does it really even stop there? Looking at the code
it's supposed to log an error and continue to next user. Note that it says
"Failed to iterate through SOME users".


The wording did not escape my notice, which is why I suspect it's not doing
what it was designed to do.  This is my test:

        # Command
        doveadm mailbox list -A

        # Start of password file
        sysdaemon:*:500:500:System daemon:/:/dev/null
        ... and the rest ...

        # dovecot.conf
        ...
        first_valid_uid = 10000
        first_valid_gid = 10000
        ...

In this situation, doveadm will exit immediately with an UID error
message.  If I change the UID>10000, it will produce the analogous GID
error message.  If I satify both UID and GID constraints, it will fail
on the next daemon entry.  If I move the sysdaemon entry all the way to
the bottom of the pasword file, I get

        user1 saved-messages
        user1 sent-mail
        user1 postponed-msgs
        user1 temp
        user1 temp/temp
        user1 INBOX
        user2 sent-mail
        user2 101
        user2 345
        user2 ckf
        ... all user's mailbox with UID>10000, then ...
        doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop privileges: 
Mail access for users with UID 500 not permitted (see first_valid_uid in config 
file, uid from userdb lookup).
        doveadm(sysdaemon): Error: User init failed
        doveadm: Error: Failed to iterate through some users


Oh, it says about first_valid_gid. Is sysdaemon's UID within valid range?


Sorry for this error mismatch -- I cut&pasted the wrong test output;
however, the problem I witnessed applies to both UID and GID (if either
constraint is not met, user iteration terminates).


I also added this today: http://hg.dovecot.org/dovecot-2.1/rev/85a8d582d37f


It looks like I'll be upgrading.  Oh, I just spotted this in the ChangeLog --
maybe you are undoing this?

        (2010-10-21)
        * src/auth/auth-settings.c, src/auth/auth-settings.h, src/auth/userdb-
        passwd.c:
        auth: userdb passwd iteration now lists only users within
        first_valid_uid..last_valid_uid range.
        [745ef289b0ea]

Joseph Tam <jtam.h...@gmail.com>

Reply via email to