Re: [Dovecot] doveadm -A stops processing at first uid<first_valid_uid
On Sun, 4 Mar 2012, Timo Sirainen writes:
passwd-file under dovecot 2.0.16.
The wording did not escape my notice, which is why I suspect it's not doing what it was designed to do. This is my test:
# Command
doveadm mailbox list -A
# Start of password file
sysdaemon:*:500:500:System daemon:/:/dev/null
... and the rest ...
# dovecot.conf
...
first_valid_uid = 10000
first_valid_gid = 10000
...In this situation, doveadm will exit immediately with an UID error message. If I change the UID>10000, it will produce the analogous GID error message. If I satify both UID and GID constraints, it will fail on the next daemon entry. If I move the sysdaemon entry all the way to the bottom of the pasword file, I get
user1 saved-messages
user1 sent-mail
user1 postponed-msgs
user1 temp
user1 temp/temp
user1 INBOX
user2 sent-mail
user2 101
user2 345
user2 ckf
... all user's mailbox with UID>10000, then ...
doveadm(sysdaemon): Error: user sysdaemon: Couldn't drop privileges: Mail access for users with UID 500 not permitted (see first_valid_uid in config file, uid from userdb lookup).
doveadm(sysdaemon): Error: User init failed
doveadm: Error: Failed to iterate through some usersOh, it says about first_valid_gid. Is sysdaemon's UID within valid range?
Sorry for this error mismatch -- I cut&pasted the wrong test output; however, the problem I witnessed applies to both UID and GID (if either constraint is not met, user iteration terminates).
I also added this today: http://hg.dovecot.org/dovecot-2.1/rev/85a8d582d37f
It looks like I'll be upgrading. Oh, I just spotted this in the ChangeLog -- maybe you are undoing this?
(2010-10-21)
* src/auth/auth-settings.c, src/auth/auth-settings.h, src/auth/userdb-
passwd.c:
auth: userdb passwd iteration now lists only users within
first_valid_uid..last_valid_uid range.
[745ef289b0ea]Joseph Tam <jtam.home@gmail.com>
participants (2)
-
Joseph Tam
-
Timo Sirainen