Re: Running Cyrus Imap under a different user
Thanx, I understand what you mean, but I'm also supposed to stop and start the same deamon from this user again, manually, without su. I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and infact it does. What happens is later, when master forks and change user. Why is it again loosing my environment? That's really interesting because in my tests it seems to have worked. Could you show us strings /proc/PID of master/environ and strings /proc/PID of imapd/environ? BTW, are you running Linux or another *X? Simon I just want the binaries to override system libs with mine :) (of course I could set system environemnt inside master profile or elsewhere, but this is not what I want to do. I can't touch any root system behaviour) Thanx again :) Gabriele. -= Mail sent through WebTop2 =- -- Da: Clement Hermann (nodens) A: info-cyrus@lists.andrew.cmu.edu Data: 3 novembre 2010 20.59.53 CET Oggetto: Re: Running Cyrus Imap under a different user Le 03/11/2010 18:03, Gabriele Bulfon a écrit : Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child processes (imapd, pop3d, etc). sudo *will* remove some environment variables, as a security mesure. It could be that the best way to achieve what you want is to modify an existing binary package of cyrus imapd for your distribution, modifiying only the user-related configure options and configuration scripts. Cheers, -- Clement Hermann (nodens) - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Thanx, here is the output of master proc, and it looks it has all the needed environment: = [soni...@sl imap]$ ps -ef | fgrep master root 3370 1 0 09:26 pts/100:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3372 3370 0 09:26 pts/100:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3381 2555 0 09:26 pts/100:00:00 fgrep master [soni...@sl imap]$ strings /proc/3372/environ strings: /proc/3372/environ: Permission denied [soni...@sl imap]$ sudo strings /proc/3372/environ LDFLAGS=-L/sonicle/lib MANPATH=/sonicle/man:/sonicle/ssl/man: HOSTNAME=sl.sonicle.com SHELL=/bin/bash TERM=xterm HISTSIZE=1000 CPPFLAGS=-I/sonicle/include USER=root LD_LIBRARY_PATH=/sonicle/lib: LS_COLORS=no=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: SUDO_USER=sonicle SUDO_UID=501 CXXFLAGS=-I/sonicle/include USERNAME=root PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin MAIL=/var/spool/mail/sonicle SUDO=sudo PWD=/sonicle/var/log/imap INPUTRC=/etc/inputrc LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid HOME=/home/sonicle TERMINFO=/sonicle/lib/terminfo CFLAGS=-I/sonicle/include LOGNAME=root PGDATA=/sonicle/pgdata SUDO_GID=501 _=/sonicle/bin/master = I tried connecting to local port 143, it connects and then waits forever. After that, I get this into imapd.log : Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by 11 Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: terminated abnormally And then many retries To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it). -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 7.11.08 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, I understand what you mean, but I'm also supposed to stop and start the same deamon from this user again, manually, without su. I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and infact it does. What happens is later, when master forks and change user. Why is it again loosing my environment? That's really interesting because in my tests it seems to have worked. Could you show us strings /proc/ /environ and strings /proc/ /environ? BTW, are you running Linux or another *X? Simon I just want the binaries to override system libs with mine :) (of course I could set system environemnt inside master profile or elsewhere, but this is not what I want to do. I can't touch any root system behaviour) Thanx again :) Gabriele. -= Mail sent through WebTop2 =- -- Da: Clement Hermann (nodens) A: info-cyrus@lists.andrew.cmu.edu Data: 3 novembre 2010 20.59.53 CET Oggetto: Re: Running Cyrus Imap under a different user Le 03/11/2010 18:03, Gabriele Bulfon a écrit : Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child processes (imapd, pop3d, etc). sudo *will* remove some environment variables, as a security mesure. It could be that the best way to achieve what you want is to modify an existing binary package of cyrus imapd for your distribution, modifiying only the user-related configure options and configuration scripts. Cheers, -- Clement Hermann (nodens) - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? Jean in L'Histoire
Re: Running Cyrus Imap under a different user
Thanx, here is the output of master proc, and it looks it has all the needed environment: = [soni...@sl imap]$ ps -ef | fgrep master root 3370 1 0 09:26 pts/100:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3372 3370 0 09:26 pts/100:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3381 2555 0 09:26 pts/100:00:00 fgrep master [soni...@sl imap]$ strings /proc/3372/environ strings: /proc/3372/environ: Permission denied [soni...@sl imap]$ sudo strings /proc/3372/environ LDFLAGS=-L/sonicle/lib MANPATH=/sonicle/man:/sonicle/ssl/man: HOSTNAME=sl.sonicle.com SHELL=/bin/bash TERM=xterm HISTSIZE=1000 CPPFLAGS=-I/sonicle/include USER=root LD_LIBRARY_PATH=/sonicle/lib: I don't know if it hurts but that should really be LD_LIBRARY_PATH=/sonicle/lib LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: SUDO_USER=sonicle SUDO_UID=501 CXXFLAGS=-I/sonicle/include USERNAME=root PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin MAIL=/var/spool/mail/sonicle SUDO=sudo PWD=/sonicle/var/log/imap INPUTRC=/etc/inputrc LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid HOME=/home/sonicle TERMINFO=/sonicle/lib/terminfo CFLAGS=-I/sonicle/include LOGNAME=root PGDATA=/sonicle/pgdata SUDO_GID=501 _=/sonicle/bin/master = I tried connecting to local port 143, it connects and then waits forever. After that, I get this into imapd.log : Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by 11 Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: terminated abnormally And then many retries To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it). That's why I asked for the environment dump on an imapd process. Please check it because there you will see how LD_LIBRARY_PATH looks like. If it's difficult to get a long running imapd process you could use a preforked cyrus.conf for that. Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 7.11.08 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, I understand what you mean, but I'm also supposed to stop and start the same deamon from this user again, manually, without su. I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and infact it does. What happens is later, when master forks and change user. Why is it again loosing my environment? That's really interesting because in my tests it seems to have worked. Could you show us strings /proc/ /environ and strings /proc/ /environ? BTW, are you running Linux or another *X? Simon I just want the binaries to override system libs with mine :) (of course I could set system environemnt inside master profile or elsewhere, but this is not what I want to do. I can't touch any root system behaviour) Thanx again :) Gabriele. -= Mail sent through WebTop2 =- -- Da: Clement Hermann (nodens) A: info-cyrus@lists.andrew.cmu.edu Data: 3 novembre 2010 20.59.53 CET Oggetto: Re: Running Cyrus Imap under a different user Le 03/11/2010 18:03, Gabriele Bulfon a écrit : Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child
Re: Running Cyrus Imap under a different user
The system is a Scientific Linux. The imapd process just tries to exec and then fails and exit, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb,imapd and s on). Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason In my case, to be sure that my daemons always run my own versions of the libraries, I just compiled BerkeleyDB from sources, into my /sonicle/lib. Then I compiled cyrus against it. Problem is, if I bring my prebuilt package into another system, and this system has different versions of my libraries into /usr/lib, execv calls will link into the system ones, not mine... There must be a way to have everything link into my environement... :( -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 9.50.00 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, here is the output of master proc, and it looks it has all the needed environment: = [soni...@sl imap]$ ps -ef | fgrep master root 3370 1 0 09:26 pts/100:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3372 3370 0 09:26 pts/100:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3381 2555 0 09:26 pts/100:00:00 fgrep master [soni...@sl imap]$ strings /proc/3372/environ strings: /proc/3372/environ: Permission denied [soni...@sl imap]$ sudo strings /proc/3372/environ LDFLAGS=-L/sonicle/lib MANPATH=/sonicle/man:/sonicle/ssl/man: HOSTNAME=sl.sonicle.com SHELL=/bin/bash TERM=xterm HISTSIZE=1000 CPPFLAGS=-I/sonicle/include USER=root LD_LIBRARY_PATH=/sonicle/lib: I don't know if it hurts but that should really be LD_LIBRARY_PATH=/sonicle/lib LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: SUDO_USER=sonicle SUDO_UID=501 CXXFLAGS=-I/sonicle/include USERNAME=root PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin MAIL=/var/spool/mail/sonicle SUDO=sudo PWD=/sonicle/var/log/imap INPUTRC=/etc/inputrc LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid HOME=/home/sonicle TERMINFO=/sonicle/lib/terminfo CFLAGS=-I/sonicle/include LOGNAME=root PGDATA=/sonicle/pgdata SUDO_GID=501 _=/sonicle/bin/master = I tried connecting to local port 143, it connects and then waits forever. After that, I get this into imapd.log : Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by 11 Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: terminated abnormally And then many retries To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it). That's why I asked for the environment dump on an imapd process. Please check it because there you will see how LD_LIBRARY_PATH looks like. If it's difficult to get a long running imapd process you could use a preforked cyrus.conf for that. Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 7.11.08 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, I understand what you mean, but I'm also supposed to stop and start the same deamon from this user again, manually, without su. I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and infact it does. What happens is later, when master forks and change user. Why is it again loosing my environment? That's really interesting because in my tests it seems to have worked. Could you show us strings /proc/ /environ and strings /proc/ /environ? BTW, are you running Linux or another *X? Simon I just want the binaries
Re: Running Cyrus Imap under a different user
The system is a Scientific Linux. The imapd process just tries to exec and then fails and exit, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb,imapd and s on). Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason In my case, to be sure that my daemons always run my own versions of the libraries, I just compiled BerkeleyDB from sources, into my /sonicle/lib. Then I compiled cyrus against it. Problem is, if I bring my prebuilt package into another system, and this system has different versions of my libraries into /usr/lib, execv calls will link into the system ones, not mine... There must be a way to have everything link into my environement... :( Hm, maybe RPATH is the solution http://en.wikipedia.org/wiki/Rpath_%28linking%29 Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 9.50.00 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, here is the output of master proc, and it looks it has all the needed environment: = [soni...@sl imap]$ ps -ef | fgrep master root 3370 1 0 09:26 pts/100:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3372 3370 0 09:26 pts/100:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3381 2555 0 09:26 pts/100:00:00 fgrep master [soni...@sl imap]$ strings /proc/3372/environ strings: /proc/3372/environ: Permission denied [soni...@sl imap]$ sudo strings /proc/3372/environ LDFLAGS=-L/sonicle/lib MANPATH=/sonicle/man:/sonicle/ssl/man: HOSTNAME=sl.sonicle.com SHELL=/bin/bash TERM=xterm HISTSIZE=1000 CPPFLAGS=-I/sonicle/include USER=root LD_LIBRARY_PATH=/sonicle/lib: I don't know if it hurts but that should really be LD_LIBRARY_PATH=/sonicle/lib LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: SUDO_USER=sonicle SUDO_UID=501 CXXFLAGS=-I/sonicle/include USERNAME=root PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin MAIL=/var/spool/mail/sonicle SUDO=sudo PWD=/sonicle/var/log/imap INPUTRC=/etc/inputrc LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid HOME=/home/sonicle TERMINFO=/sonicle/lib/terminfo CFLAGS=-I/sonicle/include LOGNAME=root PGDATA=/sonicle/pgdata SUDO_GID=501 _=/sonicle/bin/master = I tried connecting to local port 143, it connects and then waits forever. After that, I get this into imapd.log : Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by 11 Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: terminated abnormally And then many retries To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it). That's why I asked for the environment dump on an imapd process. Please check it because there you will see how LD_LIBRARY_PATH looks like. If it's difficult to get a long running imapd process you could use a preforked cyrus.conf for that. Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 7.11.08 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, I understand what you mean, but I'm also supposed to stop and start the same deamon from this user again, manually, without su. I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and infact it does. What happens is later, when master forks and change user. Why is it again loosing my environment? That's really
Re: Running Cyrus Imap under a different user
Thanx Simon, I will consider your suggestion after trying another step. I tried this: [soni...@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb linux-gate.so.1 =(0x0047d000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00ee9000) libgssapi_krb5.so.2 =/sonicle/lib/libgssapi_krb5.so.2 (0x00d64000) libkrb5.so.3 =/sonicle/lib/libkrb5.so.3 (0x0011) libk5crypto.so.3 =/sonicle/lib/libk5crypto.so.3 (0x00446000) libcom_err.so.3 =/sonicle/lib/libcom_err.so.3 (0x00a92000) libkrb5support.so.0 =/sonicle/lib/libkrb5support.so.0 (0x00c48000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x001d4000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0021a000) libdb-4.3.so =/lib/libdb-4.3.so (0x07345000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00361000) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) /lib/ld-linux.so.2 (0x0079e000) As you can see, all my libraries are considered (instead of system ones) but not libdb ( libdb-4.3.so =/lib/libdb-4.3.so ). This sounds strange as I compiled with --with-bdb=/sonicle , and actually the errors in imapd states that the binaries were compiled against libdb-4.8.30 (my /sonicle/lib one) but linking against libdb-4.3.I'm confused -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.33.01 CET Oggetto: Re: Running Cyrus Imap under a different user The system is a Scientific Linux. The imapd process just tries to exec and then fails and exit, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb,imapd and s on). Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason In my case, to be sure that my daemons always run my own versions of the libraries, I just compiled BerkeleyDB from sources, into my /sonicle/lib. Then I compiled cyrus against it. Problem is, if I bring my prebuilt package into another system, and this system has different versions of my libraries into /usr/lib, execv calls will link into the system ones, not mine... There must be a way to have everything link into my environement... :( Hm, maybe RPATH is the solution http://en.wikipedia.org/wiki/Rpath_%28linking%29 Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 9.50.00 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, here is the output of master proc, and it looks it has all the needed environment: = [soni...@sl imap]$ ps -ef | fgrep master root 3370 1 0 09:26 pts/100:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3372 3370 0 09:26 pts/100:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3381 2555 0 09:26 pts/100:00:00 fgrep master [soni...@sl imap]$ strings /proc/3372/environ strings: /proc/3372/environ: Permission denied [soni...@sl imap]$ sudo strings /proc/3372/environ LDFLAGS=-L/sonicle/lib MANPATH=/sonicle/man:/sonicle/ssl/man: HOSTNAME=sl.sonicle.com SHELL=/bin/bash TERM=xterm HISTSIZE=1000 CPPFLAGS=-I/sonicle/include USER=root LD_LIBRARY_PATH=/sonicle/lib: I don't know if it hurts but that should really be LD_LIBRARY_PATH=/sonicle/lib LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: SUDO_USER=sonicle SUDO_UID=501 CXXFLAGS=-I/sonicle/include USERNAME=root PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin MAIL=/var/spool/mail/sonicle SUDO=sudo PWD=/sonicle/var/log/imap INPUTRC=/etc/inputrc LANG=en_US.UTF-8 SHLVL=1 SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid HOME=/home/sonicle TERMINFO=/sonicle/lib/terminfo CFLAGS=-I/sonicle/include LOGNAME=root PGDATA=/sonicle/pgdata SUDO_GID=501 _=/sonicle/bin/master = I tried connecting to local port 143, it connects
Re: Running Cyrus Imap under a different user
omg, I also noticed that saslauthd has the correct reference of libdb: [soni...@sl cyrus-sasl-2.1.23]$ ldd /sonicle/sbin/saslauthd linux-gate.so.1 =(0x00531000) libcrypt.so.1 =/lib/libcrypt.so.1 (0x07121000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libldap-2.4.so.2 =/sonicle/lib/libldap-2.4.so.2 (0x0026) liblber-2.4.so.2 =/sonicle/lib/liblber-2.4.so.2 (0x00ec5000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0011) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdb-4.8.so =/sonicle/lib/libdb-4.8.so (0x002a8000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00457000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x00471000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00d3) /lib/ld-linux.so.2 (0x0079e000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) I compiled both sasl and imap with --with-bdb-libdir=/sonicle/lib, but sasl shows it correct, while imap shows it bad. -= Mail sent through WebTop2 =- Da: Gabriele Bulfon A: Simon Matter Cc: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.43.07 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx Simon, I will consider your suggestion after trying another step. I tried this: [soni...@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb linux-gate.so.1 =(0x0047d000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00ee9000) libgssapi_krb5.so.2 =/sonicle/lib/libgssapi_krb5.so.2 (0x00d64000) libkrb5.so.3 =/sonicle/lib/libkrb5.so.3 (0x0011) libk5crypto.so.3 =/sonicle/lib/libk5crypto.so.3 (0x00446000) libcom_err.so.3 =/sonicle/lib/libcom_err.so.3 (0x00a92000) libkrb5support.so.0 =/sonicle/lib/libkrb5support.so.0 (0x00c48000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x001d4000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0021a000) libdb-4.3.so =/lib/libdb-4.3.so (0x07345000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00361000) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) /lib/ld-linux.so.2 (0x0079e000) As you can see, all my libraries are considered (instead of system ones) but not libdb ( libdb-4.3.so =/lib/libdb-4.3.so ). This sounds strange as I compiled with --with-bdb=/sonicle , and actually the errors in imapd states that the binaries were compiled against libdb-4.8.30 (my /sonicle/lib one) but linking against libdb-4.3.I'm confused -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.33.01 CET Oggetto: Re: Running Cyrus Imap under a different user The system is a Scientific Linux. The imapd process just tries to exec and then fails and exit, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb,imapd and s on). Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason In my case, to be sure that my daemons always run my own versions of the libraries, I just compiled BerkeleyDB from sources, into my /sonicle/lib. Then I compiled cyrus against it. Problem is, if I bring my prebuilt package into another system, and this system has different versions of my libraries into /usr/lib, execv calls will link into the system ones, not mine... There must be a way to have everything link into my environement... :( Hm, maybe RPATH is the solution http://en.wikipedia.org/wiki/Rpath_%28linking%29 Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 9.50.00 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx, here is the output of master proc, and it looks it has all the needed environment: = [soni...@sl imap]$ ps -ef | fgrep master root 3370 1 0 09:26 pts/100:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3372 3370 0 09:26 pts/100:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid sonicle 3381 2555 0 09:26 pts/100:00:00 fgrep master [soni...@sl imap]$ strings /proc/3372/environ strings: /proc/3372/environ: Permission denied [soni...@sl imap]$ sudo strings /proc/3372/environ LDFLAGS=-L/sonicle/lib MANPATH=/sonicle/man:/sonicle/ssl/man: HOSTNAME=sl.sonicle.com SHELL=/bin/bash TERM=xterm HISTSIZE=1000 CPPFLAGS=-I/sonicle/include USER=root LD_LIBRARY_PATH=/sonicle/lib: I don't know if it hurts but that should really be LD_LIBRARY_PATH=/sonicle/lib LS_COLORSo=00:fi=00:di=01;34:ln
Re: Running Cyrus Imap under a different user
Yes, I also do the incdir. I did a make clean and re-run configure and make, now I noticed this last gcc line! gcc -L/sonicle/lib -Wl,-rpath,/sonicle/lib -L/sonicle/lib -o notifyd \ ../master/service.o notifyd.o notify_null.o notify_log.o notify_mailto.o notify_zephyr.o notify_external.o ../imap/mutex_fake.o ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a -L/sonicle/lib -Wl,-rpath,/sonicle/lib -lsasl2 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv -lresolv -lssl -lcrypto -lresolv -lfl -L/sonicle/lib -Wl,-rpath,/sonicle/lib -ldb-4.3 -lz -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv -lresolv -lssl -lcrypto -lresolv -lfl -L/sonicle/lib -Wl,-rpath,/sonicle/lib -ldb-4.3 -lz -lcom_err -lwrap -lnsl ...seems like it's already using rpath, ANDwhy -ldb.4.3??? shouldn't it be just -ldb??? Gabriele Bulfon - Sonicle S.r.l. Tel +39 028246016 Int. 30 - Fax +39 028243880 Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY http://www.sonicle.com -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.59.58 CET Oggetto: Re: Running Cyrus Imap under a different user omg, I also noticed that saslauthd has the correct reference of libdb: [soni...@sl cyrus-sasl-2.1.23]$ ldd /sonicle/sbin/saslauthd linux-gate.so.1 =(0x00531000) libcrypt.so.1 =/lib/libcrypt.so.1 (0x07121000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libldap-2.4.so.2 =/sonicle/lib/libldap-2.4.so.2 (0x0026) liblber-2.4.so.2 =/sonicle/lib/liblber-2.4.so.2 (0x00ec5000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0011) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdb-4.8.so =/sonicle/lib/libdb-4.8.so (0x002a8000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00457000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x00471000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00d3) /lib/ld-linux.so.2 (0x0079e000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) I compiled both sasl and imap with --with-bdb-libdir=/sonicle/lib, but sasl shows it correct, while imap shows it bad. I'm using --with-bdb-incdir= for cyrus-imapd, maybe you should try it. Simon -= Mail sent through WebTop2 =- Da: Gabriele Bulfon A: Simon Matter Cc: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.43.07 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx Simon, I will consider your suggestion after trying another step. I tried this: [soni...@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb linux-gate.so.1 =(0x0047d000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00ee9000) libgssapi_krb5.so.2 =/sonicle/lib/libgssapi_krb5.so.2 (0x00d64000) libkrb5.so.3 =/sonicle/lib/libkrb5.so.3 (0x0011) libk5crypto.so.3 =/sonicle/lib/libk5crypto.so.3 (0x00446000) libcom_err.so.3 =/sonicle/lib/libcom_err.so.3 (0x00a92000) libkrb5support.so.0 =/sonicle/lib/libkrb5support.so.0 (0x00c48000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x001d4000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0021a000) libdb-4.3.so =/lib/libdb-4.3.so (0x07345000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00361000) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) /lib/ld-linux.so.2 (0x0079e000) As you can see, all my libraries are considered (instead of system ones) but not libdb ( libdb-4.3.so =/lib/libdb-4.3.so ). This sounds strange as I compiled with --with-bdb=/sonicle , and actually the errors in imapd states that the binaries were compiled against libdb-4.8.30 (my /sonicle/lib one) but linking against libdb-4.3.I'm confused -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.33.01 CET Oggetto: Re: Running Cyrus Imap under a different user The system is a Scientific Linux. The imapd process just tries to exec and then fails and exit, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb,imapd and s on). Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason In my case, to be sure that my daemons always run my own versions of the libraries, I just compiled BerkeleyDB from sources, into my /sonicle/lib. Then I compiled cyrus against it. Problem is, if I bring my prebuilt package into another system, and this system has different versions of my libraries into /usr/lib, execv calls will link into the system ones, not mine... There must be a way to have everything link into my environement... :( Hm, maybe RPATH is the solution http://en.wikipedia.org/wiki/Rpath_%28linking%29
Re: Running Cyrus Imap under a different user
oh oh, I found that imapd configure scripts searches for -ldb starting from 4.7, going down until it finds a good one I was so unlucky to put 4.8 inside my environment! :) I will rebuild my environment with db4.7 and see what happens ;) thanks for all your help! Gabriele. -= Mail sent through WebTop2 =- Da: Gabriele Bulfon A: Simon Matter Cc: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 11.03.40 CET Oggetto: Re: Running Cyrus Imap under a different user Yes, I also do the incdir. I did a make clean and re-run configure and make, now I noticed this last gcc line! gcc -L/sonicle/lib -Wl,-rpath,/sonicle/lib -L/sonicle/lib -o notifyd \ ../master/service.o notifyd.o notify_null.o notify_log.o notify_mailto.o notify_zephyr.o notify_external.o ../imap/mutex_fake.o ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a -L/sonicle/lib -Wl,-rpath,/sonicle/lib -lsasl2 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv -lresolv -lssl -lcrypto -lresolv -lfl -L/sonicle/lib -Wl,-rpath,/sonicle/lib -ldb-4.3 -lz -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv -lresolv -lssl -lcrypto -lresolv -lfl -L/sonicle/lib -Wl,-rpath,/sonicle/lib -ldb-4.3 -lz -lcom_err -lwrap -lnsl ...seems like it's already using rpath, ANDwhy -ldb.4.3??? shouldn't it be just -ldb??? Gabriele Bulfon - Sonicle S.r.l. Tel +39 028246016 Int. 30 - Fax +39 028243880 Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY http://www.sonicle.com -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.59.58 CET Oggetto: Re: Running Cyrus Imap under a different user omg, I also noticed that saslauthd has the correct reference of libdb: [soni...@sl cyrus-sasl-2.1.23]$ ldd /sonicle/sbin/saslauthd linux-gate.so.1 =(0x00531000) libcrypt.so.1 =/lib/libcrypt.so.1 (0x07121000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libldap-2.4.so.2 =/sonicle/lib/libldap-2.4.so.2 (0x0026) liblber-2.4.so.2 =/sonicle/lib/liblber-2.4.so.2 (0x00ec5000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0011) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdb-4.8.so =/sonicle/lib/libdb-4.8.so (0x002a8000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00457000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x00471000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00d3) /lib/ld-linux.so.2 (0x0079e000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) I compiled both sasl and imap with --with-bdb-libdir=/sonicle/lib, but sasl shows it correct, while imap shows it bad. I'm using --with-bdb-incdir= for cyrus-imapd, maybe you should try it. Simon -= Mail sent through WebTop2 =- Da: Gabriele Bulfon A: Simon Matter Cc: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.43.07 CET Oggetto: Re: Running Cyrus Imap under a different user Thanx Simon, I will consider your suggestion after trying another step. I tried this: [soni...@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb linux-gate.so.1 =(0x0047d000) libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00ee9000) libgssapi_krb5.so.2 =/sonicle/lib/libgssapi_krb5.so.2 (0x00d64000) libkrb5.so.3 =/sonicle/lib/libkrb5.so.3 (0x0011) libk5crypto.so.3 =/sonicle/lib/libk5crypto.so.3 (0x00446000) libcom_err.so.3 =/sonicle/lib/libcom_err.so.3 (0x00a92000) libkrb5support.so.0 =/sonicle/lib/libkrb5support.so.0 (0x00c48000) libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x001d4000) libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0021a000) libdb-4.3.so =/lib/libdb-4.3.so (0x07345000) libz.so.1 =/sonicle/lib/libz.so.1 (0x00361000) libc.so.6 =/lib/libc.so.6 (0x007bd000) libdl.so.2 =/lib/libdl.so.2 (0x00918000) libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) /lib/ld-linux.so.2 (0x0079e000) As you can see, all my libraries are considered (instead of system ones) but not libdb ( libdb-4.3.so =/lib/libdb-4.3.so ). This sounds strange as I compiled with --with-bdb=/sonicle , and actually the errors in imapd states that the binaries were compiled against libdb-4.8.30 (my /sonicle/lib one) but linking against libdb-4.3.I'm confused -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 10.33.01 CET Oggetto: Re: Running Cyrus Imap under a different user The system is a Scientific Linux. The imapd process just tries to exec and then fails and exit, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb,imapd and s on). Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason In my case, to be sure that my daemons always run my
Re: Running Cyrus Imap under a different user
On 11/04/2010 07:21 AM, Gabriele Bulfon wrote: oh oh, I found that imapd configure scripts searches for -ldb starting from 4.7, going down until it finds a good one I was so unlucky to put 4.8 inside my environment! :) Or just modify the configure script to also search for 4.8 :-) I will rebuild my environment with db4.7 and see what happens ;) thanks for all your help! Gabriele. snip attachment: boutilpj.vcf Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Oh yes, that's what I did infact :) but I'll have to be careful on next downloads. And also, should I be worried that 4.8 is not considered safe for cyrus-imap? -= Mail sent through WebTop2 =- -- Da: Patrick Boutilier A: info-cyrus@lists.andrew.cmu.edu Data: 4 novembre 2010 12.31.24 CET Oggetto: Re: Running Cyrus Imap under a different user On 11/04/2010 07:21 AM, Gabriele Bulfon wrote: oh oh, I found that imapd configure scripts searches for -ldb starting from 4.7, going down until it finds a good one I was so unlucky to put 4.8 inside my environment! :) Or just modify the configure script to also search for 4.8 :-) I will rebuild my environment with db4.7 and see what happens ;) thanks for all your help! Gabriele. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
On Thu, Nov 04, 2010 at 02:45:40PM +0100, Gabriele Bulfon wrote: Oh yes, that's what I did infact :) but I'll have to be careful on next downloads. And also, should I be worried that 4.8 is not considered safe for cyrus-imap? 4.8 support has been added to upstream git - it will be in the next release. Bron. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Running Cyrus Imap under a different user
Hello, I need to run cyrus as a different user, because for some reason I don't want to touch system users. I've built all the cyrus stuff under this different user, also using the configure switches (--with-cyrus-user=myuser --with-cyrus-group=mygroup). I followed the documentation to prepare all the needed directories by changing cyrus into myuser and mail into mygroup. I tried starting the master daemon as myuser, but it seems it has not enough privileges to listen on standard ports and some other problems. So I tried starting the master as root. To do this, the script (ran as myuser) do a sudo. The problem is that the new process will have a different environment than what my user has. Expecially, my environment has his own libs against which I compiled, different from the system ones. So, I prepared another script that prepares the environment and starts master. This way I could sudo myscript. Master now runs, but then changes user to fork processes, and once again it seems to loose my environment: Nov 3 17:34:13 sl master[18963]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Nov 3 17:34:13 sl master[18963]: retrying with 1024 (current max) Nov 3 17:34:13 sl master[18963]: process started Nov 3 17:34:13 sl master[18964]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18964]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18964 exited, signaled to death by 11 Nov 3 17:34:13 sl master[18963]: unable to setsocketopt(IP_TOS): Operation not supported Nov 3 17:34:13 sl master[18963]: ready for work Nov 3 17:34:13 sl master[18965]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18965]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18965 exited, signaled to death by 11 How can I solve this problem? Is there anyway to let the new processes have the correct environment? Thanx Gabriele. -= Mail sent through WebTop2 =- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Hello, I need to run cyrus as a different user, because for some reason I don't want to touch system users. I've built all the cyrus stuff under this different user, also using the configure switches (--with-cyrus-user=myuser --with-cyrus-group=mygroup). I followed the documentation to prepare all the needed directories by changing cyrus into myuser and mail into mygroup. I tried starting the master daemon as myuser, but it seems it has not enough privileges to listen on standard ports and some other problems. So I tried starting the master as root. I think starting master as root is the correct way. To do this, the script (ran as myuser) do a sudo. The problem is that the new process will have a different environment than what my user has. Expecially, my environment has his own libs against which I compiled, different from the system ones. So how exactly does you environment look? Is it LD_LIBRARY_PATH which makes you cyrus use the correct libs? So, I prepared another script that prepares the environment and starts master. This way I could sudo myscript. Master now runs, but then changes user to fork processes, and once again it seems to loose my environment: Nov 3 17:34:13 sl master[18963]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Nov 3 17:34:13 sl master[18963]: retrying with 1024 (current max) Nov 3 17:34:13 sl master[18963]: process started Nov 3 17:34:13 sl master[18964]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18964]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18964 exited, signaled to death by 11 Nov 3 17:34:13 sl master[18963]: unable to setsocketopt(IP_TOS): Operation not supported Nov 3 17:34:13 sl master[18963]: ready for work Nov 3 17:34:13 sl master[18965]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18965]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18965 exited, signaled to death by 11 How can I solve this problem? Is there anyway to let the new processes have the correct environment? Hm, I didn't check whether Cyrus resets the environment but, stupid question, did you forget to export the vars in question? Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: info-cyrus@lists.andrew.cmu.edu Data: 3 novembre 2010 17.56.52 CET Oggetto: Re: Running Cyrus Imap under a different user Hello, I need to run cyrus as a different user, because for some reason I don't want to touch system users. I've built all the cyrus stuff under this different user, also using the configure switches (--with-cyrus-user=myuser --with-cyrus-group=mygroup). I followed the documentation to prepare all the needed directories by changing cyrus into myuser and mail into mygroup. I tried starting the master daemon as myuser, but it seems it has not enough privileges to listen on standard ports and some other problems. So I tried starting the master as root. I think starting master as root is the correct way. To do this, the script (ran as myuser) do a sudo. The problem is that the new process will have a different environment than what my user has. Expecially, my environment has his own libs against which I compiled, different from the system ones. So how exactly does you environment look? Is it LD_LIBRARY_PATH which makes you cyrus use the correct libs? So, I prepared another script that prepares the environment and starts master. This way I could sudo myscript. Master now runs, but then changes user to fork processes, and once again it seems to loose my environment: Nov 3 17:34:13 sl master[18963]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Nov 3 17:34:13 sl master[18963]: retrying with 1024 (current max) Nov 3 17:34:13 sl master[18963]: process started Nov 3 17:34:13 sl master[18964]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18964]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18964 exited, signaled to death by 11 Nov 3 17:34:13 sl master[18963]: unable to setsocketopt(IP_TOS): Operation not supported Nov 3 17:34:13 sl master[18963]: ready for work Nov 3 17:34:13 sl master[18965]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18965]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18965 exited, signaled to death by 11 How can I solve this problem? Is there anyway to let the new processes have the correct environment? Hm, I didn't check whether Cyrus resets the environment but, stupid question, did you forget to export the vars in question? Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? I'm not sure I understand correctly. I just tried it here like this: - log in as root - export some env vars - start Cyrus as /usr/lib/cyrus-imapd/cyrus-master -C /etc/imapd.conf -M /etc/cyrus.conf -p /var/run/cyrus-master.pid -d Now, I check for those vars in /proc/[PID]/environ and see that the env vars are still there, for master and for it childrens like imapd. Did I miss what you mean? Simon -= Mail sent through WebTop2 =- -- Da: Simon Matter A: Gabriele Bulfon Cc: info-cyrus@lists.andrew.cmu.edu Data: 3 novembre 2010 17.56.52 CET Oggetto: Re: Running Cyrus Imap under a different user Hello, I need to run cyrus as a different user, because for some reason I don't want to touch system users. I've built all the cyrus stuff under this different user, also using the configure switches (--with-cyrus-user=myuser --with-cyrus-group=mygroup). I followed the documentation to prepare all the needed directories by changing cyrus into myuser and mail into mygroup. I tried starting the master daemon as myuser, but it seems it has not enough privileges to listen on standard ports and some other problems. So I tried starting the master as root. I think starting master as root is the correct way. To do this, the script (ran as myuser) do a sudo. The problem is that the new process will have a different environment than what my user has. Expecially, my environment has his own libs against which I compiled, different from the system ones. So how exactly does you environment look? Is it LD_LIBRARY_PATH which makes you cyrus use the correct libs? So, I prepared another script that prepares the environment and starts master. This way I could sudo myscript. Master now runs, but then changes user to fork processes, and once again it seems to loose my environment: Nov 3 17:34:13 sl master[18963]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Nov 3 17:34:13 sl master[18963]: retrying with 1024 (current max) Nov 3 17:34:13 sl master[18963]: process started Nov 3 17:34:13 sl master[18964]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18964]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18964 exited, signaled to death by 11 Nov 3 17:34:13 sl master[18963]: unable to setsocketopt(IP_TOS): Operation not supported Nov 3 17:34:13 sl master[18963]: ready for work Nov 3 17:34:13 sl master[18965]: about to exec /sonicle/bin/ctl_cyrusdb Nov 3 17:34:13 sl ctl_cyrusdb[18965]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29 Nov 3 17:34:13 sl master[18963]: process 18965 exited, signaled to death by 11 How can I solve this problem? Is there anyway to let the new processes have the correct environment? Hm, I didn't check whether Cyrus resets the environment but, stupid question, did you forget to export the vars in question? Simon Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Le 03/11/2010 18:03, Gabriele Bulfon a écrit : Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child processes (imapd, pop3d, etc). sudo *will* remove some environment variables, as a security mesure. It could be that the best way to achieve what you want is to modify an existing binary package of cyrus imapd for your distribution, modifiying only the user-related configure options and configuration scripts. Cheers, -- Clement Hermann (nodens) - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Running Cyrus Imap under a different user
Thanx, I understand what you mean, but I'm also supposed to stop and start the same deamon from this user again, manually, without su. I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and infact it does. What happens is later, when master forks and change user. Why is it again loosing my environment? I just want the binaries to override system libs with mine :) (of course I could set system environemnt inside master profile or elsewhere, but this is not what I want to do. I can't touch any root system behaviour) Thanx again :) Gabriele. -= Mail sent through WebTop2 =- -- Da: Clement Hermann (nodens) A: info-cyrus@lists.andrew.cmu.edu Data: 3 novembre 2010 20.59.53 CET Oggetto: Re: Running Cyrus Imap under a different user Le 03/11/2010 18:03, Gabriele Bulfon a écrit : Thanx for the quick reply ;) Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environement to anyone changing user to myuser? You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child processes (imapd, pop3d, etc). sudo *will* remove some environment variables, as a security mesure. It could be that the best way to achieve what you want is to modify an existing binary package of cyrus imapd for your distribution, modifiying only the user-related configure options and configuration scripts. Cheers, -- Clement Hermann (nodens) - L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ? Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. Please find my public key on the public keyserver pgp.mit.edu. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
