Proxy testing in container( chown failed /var/dovecot/login)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Proxy testing in container( chown failed /var/dovecot/login)

Dovecot mailing list

I am testing a bit with the proxy, and trying to run dovecot as a normal
user. (with cap bind_service). I was wondering what the minimum
configuration is for running like a proxy.

I am now getting issues like unable to chown on /var/dovecot/login, but
I do not need this in such a setup do I?

passdb {
  driver = static
  args = proxy=y host=192.168.11.10 nopassword=y
}



Reply | Threaded
Open this post in threaded view
|

Re: Proxy testing in container( chown failed /var/dovecot/login)

Dovecot mailing list
You should probably disable chrooting for login services if you are
running as non-root...


service imap-login {

 chroot =

}

Aki

On 11.11.2019 14.59, Marc Roos via dovecot wrote:

> I am testing a bit with the proxy, and trying to run dovecot as a normal
> user. (with cap bind_service). I was wondering what the minimum
> configuration is for running like a proxy.
>
> I am now getting issues like unable to chown on /var/dovecot/login, but
> I do not need this in such a setup do I?
>
> passdb {
>   driver = static
>   args = proxy=y host=192.168.11.10 nopassword=y
> }
>
>
>
Reply | Threaded
Open this post in threaded view
|

RE: Proxy testing in container( chown failed /var/dovecot/login)

Dovecot mailing list
I added this to the 10-master imap-login, pop3-login and
submission-login, but keep this message

Doveconf still lists imap-urlauth-login with chroot = token-login, also
when changing this one to chroot = the error persists.

Fatal: fchown() failed for /var/dovecot/login: Operation not permitted





-----Original Message-----
Subject: Re: Proxy testing in container( chown failed
/var/dovecot/login)

You should probably disable chrooting for login services if you are
running as non-root...


service imap-login {

 chroot =

}

Aki

On 11.11.2019 14.59, Marc Roos via dovecot wrote:
> I am testing a bit with the proxy, and trying to run dovecot as a
> normal user. (with cap bind_service). I was wondering what the minimum

> configuration is for running like a proxy.
>
> I am now getting issues like unable to chown on /var/dovecot/login,
> but I do not need this in such a setup do I?
>
> passdb {
>   driver = static
>   args = proxy=y host=192.168.11.10 nopassword=y }
>
>
>


Reply | Threaded
Open this post in threaded view
|

RE: Proxy testing in container( chown failed /var/dovecot/login)

Dovecot mailing list
 

I managed to work around this by putting these in the Dockerfile

(umask 027 ; mkdir /var/dovecot/login) && chown $DOVECOT_USER.dovenull
/var/dovecot/login
(umask 027 ; mkdir /var/dovecot/token-login) && chown
$DOVECOT_USER.dovenull /var/dovecot/token-login

But now I am stuck with this socket
 service(ipc): chown(/var/dovecot/login/ipc-proxy,

Is there a way around this?




-----Original Message-----
Subject: RE: Proxy testing in container( chown failed
/var/dovecot/login)

I added this to the 10-master imap-login, pop3-login and
submission-login, but keep this message

Doveconf still lists imap-urlauth-login with chroot = token-login, also
when changing this one to chroot = the error persists.

Fatal: fchown() failed for /var/dovecot/login: Operation not permitted





-----Original Message-----
Subject: Re: Proxy testing in container( chown failed
/var/dovecot/login)

You should probably disable chrooting for login services if you are
running as non-root...


service imap-login {

 chroot =

}

Aki

On 11.11.2019 14.59, Marc Roos via dovecot wrote:
> I am testing a bit with the proxy, and trying to run dovecot as a
> normal user. (with cap bind_service). I was wondering what the minimum


> configuration is for running like a proxy.
>
> I am now getting issues like unable to chown on /var/dovecot/login,
> but I do not need this in such a setup do I?
>
> passdb {
>   driver = static
>   args = proxy=y host=192.168.11.10 nopassword=y }
>
>
>