Mike Abbott
2010-Oct-27 20:25 UTC
[Dovecot] imap can't reconnect to auth-master after setuid
With service imap { client_limit = 5, service_count = 0 }, when the auth process
crashes the existing imap processes cannot reconnect to the auth-master socket
because they have long ago dropped root privileges. Is the right solution to
this:
(1) change the perms on the auth-master socket so processes running as
vmail:vmail can connect to it, or
(2) change the code so that multi-client imap processes stop accepting new
clients when they notice an auth bounce?
If (1), the wiki should be updated to mention this.
Thanks.
Timo Sirainen
2010-Oct-27 20:31 UTC
[Dovecot] imap can't reconnect to auth-master after setuid
On 27.10.2010, at 22.25, Mike Abbott wrote:> With service imap { client_limit = 5, service_count = 0 },This still isn't all that recommended, since one connection can hang other connections in same process.> when the auth process crashesWhich of course shouldn't happen :)> the existing imap processes cannot reconnect to the auth-master socket because they have long ago dropped root privileges. Is the right solution to this: > (1) change the perms on the auth-master socket so processes running as vmail:vmail can connect to it, or > (2) change the code so that multi-client imap processes stop accepting new clients when they notice an auth bounce?Hmm. I'd prefer (2). I'll see about implementing it next week (I'm traveling this week).
Apparently Analagous Threads
- imap userdb Fatal setuid errors
- Upgrade 2.2.27 to 2.3.9.2: master(imap): net_connect_unix(imap) failed: Resource temporarily unavailable
- Upgrade 2.2.27 to 2.3.9.2: master(imap): net_connect_unix(imap) failed: Resource temporarily unavailable
- disable_plaintext_auth = no as no effect on IMAP/POP3 logins
- Imap-login service count/limits