Hi, I just installed dovecot. The installation went well and i configured dovecot to user ~/Maildir. When I tested imap via telnet the login work, but right after that the connection is cutted: Trying 192.168.0.14... Connected to op. Escape character is '^]'. * OK dovecot ready. . login jerik password . OK Logged in. Connection closed by foreign host. And the log says: dovecot: Apr 02 19:37:18 Info: Dovecot starting up imap-login: Apr 02 19:38:03 Info: Login: jerik [192.168.0.23] imap(jerik): Apr 02 19:38:03 Fatal: We couldn't drop root group privileges dovecot: Apr 02 19:38:04 Error: child 15194 (imap) returned error 89 So the problem is that dovecot "could't drop root group". I started dovecot with /usr/local/etc/rc.d/dovecot.sh through the user root. The privilegs of the file are: ls -l dovecot.sh -r-xr-xr-x 1 root wheel 459 2 Apr 19:03 dovecot.sh the /usr/local/etc/dovecot.conf has the following entries. protocols = imap ssl_disable = yes disable_plaintext_auth = no log_path = /var/log/dovecot.log info_log_path = /var/log/dovecot.log login = imap login_user = dovecot login = pop3 verbose_proctitle = yes first_valid_gid = 0 valid_chroot_dirs = /var/mail default_mail_env = maildir:~/Maildir client_workarounds = oe6-fetch-no-newmail outlook-idle outlook-pop3-no-nuls maildir_copy_with_hardlinks = yes auth = default auth_mechanisms = plain auth_userdb = passwd auth_passdb = passwd auth_user = root auth_verbose = yes If I understand the dovecot.conf wright, the is the user root required for running dovecot "auth_user = root". That's why I don't understand the erros message. By the way, through the installation there was the user and group dovecot created, should this user start dovecot at boottime? Or should he be used for other tasks? Regards Erik -- J. Erik Heinz Koblenzer Str. 11 60327 Frankfurt am Main Handy: 0163 337 37 45 Mail: jheinz at wiwi.uni-frankfurt.de
On Sun, 2005-04-03 at 00:08 +0200, J. Erik Heinz wrote:> imap(jerik): Apr 02 19:38:03 Fatal: We couldn't drop root group > privilegesWhat Dovecot version and operating system? At least one reason for this was fixed in later Dovecot versions..> If I understand the dovecot.conf wright, the is the user root required > for running dovecot "auth_user = root". That's why I don't understand > the erros message.The error message happens because jerik user is in wheel/root group and Dovecot wasn't able to drop it. You could also allow that group by setting: first_valid_gid = 1> By the way, through the installation there was the user and group > dovecot created, should this user start dovecot at boottime? Or should > he be used for other tasks?Dovecot uses it internally. It should start as root. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20050403/91a8202b/attachment-0001.bin>
Hi Timo, On Sun, Apr 03, 2005 at 01:30:26AM +0300, Timo Sirainen wrote:> On Sun, 2005-04-03 at 00:08 +0200, J. Erik Heinz wrote: > > imap(jerik): Apr 02 19:38:03 Fatal: We couldn't drop root group > > privileges > > What Dovecot version and operating system? At least one reason for this > was fixed in later Dovecot versions..OS: FreeBSD 5.3-BETA4 Dovecot: dovecot-0.99.12.1 (Portinstallation)> > If I understand the dovecot.conf wright, the is the user root required > > for running dovecot "auth_user = root". That's why I don't understand > > the erros message. > > The error message happens because jerik user is in wheel/root group and > Dovecot wasn't able to drop it. You could also allow that group by > setting: > first_valid_gid = 1I tried first_valid_gid = 1. I just changed this in the dovecot.conf. The rest of the conf is still the same. But I get still an error: Trying 192.168.0.14... Connected to op. Escape character is '^]'. * OK dovecot ready. . login jerik password . OK Logged in. * BYE Internal login failure. Error report written to server log. Connection closed by foreign host. And the logs say: dovecot: Apr 03 12:59:17 Info: Dovecot starting up dovecot: Apr 03 12:59:35 Error: Logins for users with primary group ID 0 (user jerik) not permitted (see first_valid_gid in config file). imap-login: Apr 03 12:59:35 Info: Internal login failure: jerik [192.168.0.23] I think my main problem is, that i don't understand the meaning of: "We couldn't drop root group privileges" Why should it drop the group privileges - OK ... security reasons - but how does it work? I dont get the mechanism and that's why I dont understand.> > By the way, through the installation there was the user and group > > dovecot created, should this user start dovecot at boottime? Or should > > he be used for other tasks? > Dovecot uses it internally. It should start as root.OK Regards Erik -- J. Erik Heinz Koblenzer Str. 11 60327 Frankfurt am Main Handy: 0163 337 37 45 Mail: jheinz at wiwi.uni-frankfurt.de