[Dovecot] doveadm -A stops processing at first uid<first_valid_uid
Joseph Tam
jtam.home at gmail.com
Tue Mar 6 04:01:43 EET 2012
On Sun, 4 Mar 2012, Timo Sirainen writes:
> > I would like to run various doveadm commands that involves all (mail) users like
> >
> > doveadm expunge -A mailbox Trash savedbefore 30d
> >
> > but any doveadm command that uses "-A" to iterate through all users will
> > stop processing at the first account with UID<first_valid_uid.
>
> What userdb are you using? userdb passwd should already skip users that
> aren't in the valid range. And what Dovecot version are you using?

passwd-file under dovecot 2.0.16.

> And one more thing: Does it really even stop there? Looking at the code
> it's supposed to log an error and continue to next user. Note that it says
> "Failed to iterate through SOME users".

The wording did not escape my notice, which is why I suspect it's not doing
what it was designed to do. This is my test:

# Command
doveadm mailbox list -A

# Start of password file
sysdaemon:*:500:500:System daemon:/:/dev/null
... and the rest ...

# dovecot.conf
...
first_valid_uid = 10000
first_valid_gid = 10000
...

In this situation, doveadm will exit immediately with a UID error
message. If I change the UID>10000, it will produce the analogous GID
error message. If I satisfy both UID and GID constraints, it will fail
on the next daemon entry. If I move the sysdaemon entry all the way to
the bottom of the password file, I get

user1 saved-messages
user1 sent-mail
user1 postponed-msgs
user1 temp
user1 temp/temp
user1 INBOX
user2 sent-mail
user2 101
user2 345
user2 ckf
... all users' mailboxes with UID>10000, then ...
doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop privileges: Mail access for users with UID 500 not permitted (see first_valid_uid in config file, uid from userdb lookup).
doveadm(sysdaemon): Error: User init failed
doveadm: Error: Failed to iterate through some users
> Oh, it says about first_valid_gid. Is sysdaemon's UID within valid range?

Sorry for this error mismatch -- I cut&pasted the wrong test output;
however, the problem I witnessed applies to both UID and GID (if either
constraint is not met, user iteration terminates).

> I also added this today: http://hg.dovecot.org/dovecot-2.1/rev/85a8d582d37f

It looks like I'll be upgrading. Oh, I just spotted this in the ChangeLog --
maybe you are undoing this?

(2010-10-21)
* src/auth/auth-settings.c, src/auth/auth-settings.h,
  src/auth/userdb-passwd.c:
  auth: userdb passwd iteration now lists only users within
  first_valid_uid..last_valid_uid range.
  [745ef289b0ea]

Joseph Tam <jtam.home at gmail.com>
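
Added example, not part of the original message and not Dovecot code: a pre-flight check that lists the passwd-file entries falling below first_valid_uid or first_valid_gid, which are the entries that produce the "Couldn't drop privileges" error in the test above. The function name below_valid_range and the user1/user2 sample lines are constructed for illustration; the sysdaemon line and the 10000 limits are taken from the message.

```shell
#!/bin/sh
# Usage: below_valid_range PASSWD_FILE FIRST_VALID_UID FIRST_VALID_GID
# Prints one line per entry whose numeric UID or GID is below the minimum.
below_valid_range() {
    awk -F: -v min_uid="$2" -v min_gid="$3" '
        /^#/ || /^$/ || $1 == "" { next }   # skip comments, blanks, nameless lines
        {
            reason = ""
            # Only numeric fields are judged; an empty uid/gid field may be
            # supplied elsewhere in the configuration, so it is not flagged.
            if ($3 ~ /^[0-9]+$/ && $3 + 0 < min_uid + 0)
                reason = "uid " $3 " < " min_uid
            if ($4 ~ /^[0-9]+$/ && $4 + 0 < min_gid + 0)
                reason = reason (reason == "" ? "" : ", ") "gid " $4 " < " min_gid
            if (reason != "") print $1 ": " reason
        }
    ' "$1"
}

# Constructed sample passwd-file (first line is the entry from the message).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# system accounts
sysdaemon:*:500:500:System daemon:/:/dev/null
user1:*:10001:10001:User One:/home/user1:/bin/false
user2:*:10002:500:User Two:/home/user2:/bin/false
EOF

# Limits match first_valid_uid / first_valid_gid in the dovecot.conf excerpt.
below_valid_range "$sample" 10000 10000
rm -f "$sample"
```

Entries it reports can be moved to a separate file or given IDs in range before running a `doveadm -A` command against this userdb.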