[Dovecot] v1.0 vs 1.1b re: Postfix and Dovecot LDA
dovecot-20061108 at billmail.scconsult.com
Fri Sep 28 02:53:23 EEST 2007
At 3:58 PM -0400 9/26/07, Jerry Yeager imposed structure on a stream
of electrons, yielding:
>In running the various 1.0.n versions of Dovecot's LDA with the
>instructions in the wiki for using LDA with Postfix [on OS X 10.4]
>things went well using the instructions as-is (no setuid problems).
>This changed in moving over to the 1.1 beta. The LDA refused to work
>failing with the error "setgroups() failed: Operation not permitted"
>as I mentioned in a previous message.
That looks like a bug. A program that calls setgroups() must be
running as root. It seems to me that a code path leading to such a
call should probably be able to identify that issue before the call
and provide a better failure message than translating EPERM into its
The interesting question would be: why does deliver want to call
setgroups() at all?
>After reading the exchange between Bill Cole and Rich Winkel and
>following up on this, it seems that the new 1.1b wants you to give
>the Deliver app specific setuid permission via:
>sudo chmod u+s deliver
>Then things worked as before. There was no need to give the group
>'s' permission nor to change ownership of deliver from the default
>root:staff or root:wheel or whomever... The error message seems
>I am not sure if, overall, this means there is a problem in Dovecot
>1.0.n or that things are being tightened up in 1.1b.
>Thanks Bill and Rich for the tip!
I'd love to take credit, but I thought that was about the LDA with
Sendmail, which is rather different, and Rich was running 1.0.3...
In any event, I won't go so far as to say that running deliver as
setuid root is actively dangerous, but it feels wrong to me and I
wouldn't do it. That may be from too much exposure to bizarre attacks
through delivery agents in the Dark Ages.
That it works without being setuid on Linux is a touch odd.
bill at scconsult.com
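The point Bill raises above, that a delivery agent should notice it is not root before calling setgroups() and say so, rather than surfacing a bare EPERM, as an added example in C. This is not Dovecot's deliver code and not from anyone in the thread; the function names (drop_groups, is_setuid_root), the result codes and the default path /usr/libexec/dovecot/deliver are this example's own assumptions. It checks the effective uid before the privileged call, and separately inspects a binary's mode bits so you can confirm what `chmod u+s` actually did.

```c
/* Added example (not Dovecot code): check for root before setgroups()
 * and report why the call would fail, instead of printing EPERM. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome codes for drop_groups(); names are this example's own. */
enum drop_result {
    DROP_OK = 0,
    DROP_NOT_ROOT,       /* refused before the syscall: euid != 0 */
    DROP_SYSCALL_FAILED  /* setgroups() itself failed; errno explains */
};

/* Reduce the supplementary group list to just `gid`, but only attempt
 * the privileged call when running with euid 0 (setgroups() requires
 * root, or CAP_SETGID on Linux). Writes a human-readable reason into
 * `why` and returns one of the codes above. */
enum drop_result drop_groups(gid_t gid, char *why, size_t whylen)
{
    if (geteuid() != 0) {
        snprintf(why, whylen,
                 "not running as root (euid=%ld): setgroups() would fail "
                 "with EPERM; install the binary setuid root or skip "
                 "group handling", (long)geteuid());
        return DROP_NOT_ROOT;
    }
    if (setgroups(1, &gid) != 0) {
        snprintf(why, whylen, "setgroups() failed: %s", strerror(errno));
        return DROP_SYSCALL_FAILED;
    }
    snprintf(why, whylen, "supplementary groups set to gid %ld", (long)gid);
    return DROP_OK;
}

/* Inspect a file's owner and mode bits: `chmod u+s deliver` on a
 * root-owned file sets S_ISUID. Returns 1 if setuid root, 0 if not,
 * -1 if the path cannot be stat()ed. */
int is_setuid_root(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return -1;
    return (st.st_uid == 0 && (st.st_mode & S_ISUID)) ? 1 : 0;
}

int main(int argc, char **argv)
{
    char why[256];
    /* Assumed default path; pass the real deliver path as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/usr/libexec/dovecot/deliver";
    int suid = is_setuid_root(path);

    printf("%s: %s\n", path,
           suid == 1 ? "setuid root" :
           suid == 0 ? "not setuid root" : "cannot stat");

    enum drop_result r = drop_groups(getgid(), why, sizeof why);
    printf("drop_groups -> %d: %s\n", (int)r, why);
    return r == DROP_OK ? 0 : 1;
}
```

Run it as an unprivileged user and it refuses before touching setgroups(), with a message that names the missing privilege; run it as root and the call goes through. The same check would let an LDA explain "deliver is not setuid root and was not started by root" instead of "Operation not permitted".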