On Sun, Oct 28, 2007 at 03:57:22PM +0200, Timo Sirainen wrote: On Sun, 2007-10-28 at 09:25 -0400, Adam McDougall wrote: > > userdb passwd { > > args = system_user= > > } This works only with v1.1. v1.0 just ignores it.
Hmm. I might be able to get by without this. > Looks like it overrides the system_user with empty value and Dovecot > ends up calling initgroups(""). I'm not sure what that does, if > anything. This fixes it: http://hg.dovecot.org/dovecot/rev/7f2501b3e993 > > Upon some further testing, this patch doesn't seem to do anything, because > for some reason 1.1 allows me to login when I am in too many groups, but > 1.0 fails (this is where I saw the errors), and both versions seem to act the same > with or without the patch. When I use mail_executable to run a shell script to > report group membership, on both servers I still see the full list when using > system_user= and mail_extra_groups but I don't see the group I set in mail_extra_groups. > I'm not sure what to think, is there a good place to stick in some debugging? Have you set mail_drop_priv_before_exec=yes? If not, it should still be running as root in your mail_executable. If it's "no", I'm not really sure.. I have not changed it ever, dovecot -n does not report it. auth_debug=yes at least shows what auth process sends to master. It should show empty system_user.