Andrey Panin wrote: >> I've applied the patch to Dovecot 1.1.7 (with minor change to >> configure.in) on Solaris 10 sparc 64-bit but Dovecot fails on startup >> >> dovecot: Dec 18 12:45:47 Info: Dovecot v1.1.7 starting up >> dovecot: Dec 18 12:45:47 Fatal: auth(default): initgroups(root, 0) >> failed: Not owner >> dovecot: Dec 18 12:45:47 Fatal: Auth process died too early - shutting down >> >> The same config with vanilla Dovecot 1.1.7 works fine, so I'm guessing >> it dropped too many privileges. > > Can you try running "ppriv -D dovecot" to determine which privilege is > missing ? >
Difficult as the dovecot master process dies as soon as the dovecot-auth process ends. I ran a "truss -f" on it though and found: 26409: setppriv(PRIV_SET, PRIV_PERMITTED, {0250004b0400000000000000}) = 0 26409: setppriv(PRIV_SET, PRIV_EFFECTIVE, {0250004b0400000000000000}) = 0 ... 26411: setgroups(11, 0x0006C290) Err#1 EPERM [proc_setid] 26411: write(2, "01 F i n i t g r o u p s".., 40) = 40 26411: _exit(89) >From the setgroups manpage: ERRORS The getgroups() and setgroups() functions will fail if: ... EPERM The {PRIV_PROC_SETID} privilege is not asserted in the effective set of the calling process. I tried omitting PRIV_PROC_SETID from the list in capabilities-solaris.c but that doesn't seem to make much difference except 19468: setppriv(PRIV_SET, PRIV_PERMITTED, {0250004b0000000000000000}) = 0 19468: setppriv(PRIV_SET, PRIV_EFFECTIVE, {0250004b0000000000000000}) = 0 I don't know much about process privileges, but could it be that the dovecot-auth subprocess isn't inheriting the privileges from the master process? I can send you the whole truss files if you like. Best Wishes, Chris -- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wake...@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094