<div style="font-family: Verdana; font-size: 12px;">oh oh, I found that imapd configure scripts searches for -ldb starting from 4.7, going down<br>until it finds a good one....<br>I was so unlucky to put 4.8 inside my environment! :)<br><br>I will rebuild my environment with db4.7 and see what happens ;)<br><br>thanks for all your help!<br>Gabriele.<br><div><br><font size="1"> -= Mail sent through WebTop2 =-</font>
</div><br><hr><br><br><font face="Arial, Helvetica, sans-serif" size="2"><b>Da:</b> Gabriele Bulfon <gbulfon@sonicle.com><br><b>A:</b> Simon Matter <simon.matter@invoca.ch> <br><b>Cc:</b> info-cyrus@lists.andrew.cmu.edu <br><b>Data:</b> 4 novembre 2010 11.03.40 CET<br><b>Oggetto:</b> Re: Running Cyrus Imap under a different user<br></font><br><br><blockquote style="border-left: 2px solid rgb(0, 0, 128); margin-left: 5px; padding-left: 5px;"><div style="font-family: Verdana; font-size: 12px;">Yes, I also do the incdir.<br>I did a "make clean" and re-run configure and make, now I noticed this last gcc line! <br><br><font face="courier new">gcc -L/sonicle/lib -Wl,-rpath,/sonicle/lib -L/sonicle/lib -o notifyd \<br> ../master/service.o notifyd.o notify_null.o notify_log.o notify_mailto.o notify_zephyr.o notify_external.o ../imap/mutex_fake.o ../imap/libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a -L/sonicle/lib -Wl,-rpath,/sonicle/lib -lsasl2 -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv -lresolv -lssl -lcrypto -lresolv -lfl -L/sonicle/lib -Wl,-rpath,/sonicle/lib -ldb-4.3 -lz -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err -lkrb5support -lresolv -lresolv -lssl -lcrypto -lresolv -lfl -L/sonicle/lib -Wl,-rpath,/sonicle/lib -ldb-4.3 -lz -lcom_err -lwrap -lnsl<br></font><br><div>...seems like it's already using rpath, AND....why "-ldb.4.3"??? shouldn't it be just "-ldb"???<br><br>
<table border="1" cellspacing="0">
<tbody><tr>
<td align="right"><a target="_blank" href="http://www.sonicle.com">
<img src="http://www.sonicle.com/images/mailcard.jpg" wid="" th="350" border="0" height="45"></a></td>
</tr>
<tr>
<td align="right">
<font face="Arial" size="1">
Gabriele Bulfon - Sonicle S.r.l.<br>
Tel +39 028246016 Int. 30 - Fax +39 028243880<br>
Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY<br>
<a href="http://www.sonicle.com">http://www.sonicle.com</a>
</font>
</td>
</tr>
</tbody></table>
<font size="1"> -= Mail sent through WebTop2 =-</font>
</div><tt><br><br><br>----------------------------------------------------------------------------------<br><br>Da: Simon Matter <simon.matter@invoca.ch><br>A: Gabriele Bulfon <gbulfon@sonicle.com> <br>Cc: info-cyrus@lists.andrew.cmu.edu <br>Data: 4 novembre 2010 10.59.58 CET<br>Oggetto: Re: Running Cyrus Imap under a different user<br><br></tt><blockquote style="border-left: 2px solid rgb(0, 0, 128); margin-left: 5px; padding-left: 5px;"><tt>> omg, I also noticed that saslauthd has the correct reference of libdb:<br>> [sonicle@sl cyrus-sasl-2.1.23]$ ldd /sonicle/sbin/saslauthd<br>> linux-gate.so.1 =(0x00531000)<br>> libcrypt.so.1 =/lib/libcrypt.so.1 (0x07121000)<br>> libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000)<br>> libldap-2.4.so.2 =/sonicle/lib/libldap-2.4.so.2 (0x00260000)<br>> liblber-2.4.so.2 =/sonicle/lib/liblber-2.4.so.2 (0x00ec5000)<br>> libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x00110000)<br>> libc.so.6 =/lib/libc.so.6 (0x007bd000)<br>> libdb-4.8.so =/sonicle/lib/libdb-4.8.so (0x002a8000)<br>> libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00457000)<br>> libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x00471000)<br>> libdl.so.2 =/lib/libdl.so.2 (0x00918000)<br>> libz.so.1 =/sonicle/lib/libz.so.1 (0x00d30000)<br>> /lib/ld-linux.so.2 (0x0079e000)<br>> libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000)<br>> I compiled both sasl and imap with "--with-bdb-libdir=/sonicle/lib", but<br>> sasl shows it correct,<br>> while imap shows it bad.....<br><br>I'm using --with-bdb-incdir= for cyrus-imapd, maybe you should try it.<br><br>Simon<br><br>> -= Mail sent through WebTop2 =-<br>> Da:<br>> Gabriele Bulfon<br>> A:<br>> Simon Matter<br>> Cc:<br>> info-cyrus@lists.andrew.cmu.edu<br>> Data:<br>> 4 novembre 2010 10.43.07 CET<br>> Oggetto:<br>> Re: Running Cyrus Imap under a different user<br>> Thanx Simon, I will consider your suggestion after trying another step.<br>> I tried this:<br>> [sonicle@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb<br>> linux-gate.so.1 =(0x0047d000)<br>> libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00ee9000)<br>> libgssapi_krb5.so.2 =/sonicle/lib/libgssapi_krb5.so.2 (0x00d64000)<br>> libkrb5.so.3 =/sonicle/lib/libkrb5.so.3 (0x00110000)<br>> libk5crypto.so.3 =/sonicle/lib/libk5crypto.so.3 (0x00446000)<br>> libcom_err.so.3 =/sonicle/lib/libcom_err.so.3 (0x00a92000)<br>> libkrb5support.so.0 =/sonicle/lib/libkrb5support.so.0 (0x00c48000)<br>> libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000)<br>> libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x001d4000)<br>> libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0021a000)<br>> libdb-4.3.so =/lib/libdb-4.3.so (0x07345000)<br>> libz.so.1 =/sonicle/lib/libz.so.1 (0x00361000)<br>> libc.so.6 =/lib/libc.so.6 (0x007bd000)<br>> libdl.so.2 =/lib/libdl.so.2 (0x00918000)<br>> libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000)<br>> /lib/ld-linux.so.2 (0x0079e000)<br>> As you can see, all my libraries are considered (instead of system ones)<br>> but not libdb (<br>> libdb-4.3.so =/lib/libdb-4.3.so<br>> ). This sounds strange as I compiled with --with-bdb=/sonicle , and<br>> actually the errors in imapd states that the binaries were compiled<br>> against libdb-4.8.30 (my /sonicle/lib one) but linking against<br>> libdb-4.3.....I'm confused....<br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Simon Matter<br>> A: Gabriele Bulfon<br>> Cc: Clement Hermann (nodens)<br>> info-cyrus@lists.andrew.cmu.edu<br>> Data: 4 novembre 2010 10.33.01 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> The system is a Scientific Linux.<br>> The imapd process just tries to exec and then fails and exit, as you can<br>> see from the log.<br>> This happens on any process that master tries to execv (e.g.<br>> ctl_cyrusdb,imapd and s on).<br>> Reading around, looks like execv brings all the parent environment, but<br>> not LD_LIBRARY_PATH,<br>> for some security reason....<br>> In my case, to be sure that my daemons always run my own versions of the<br>> libraries, I just<br>> compiled BerkeleyDB from sources, into my /sonicle/lib.<br>> Then I compiled cyrus against it.<br>> Problem is, if I bring my prebuilt package into another system, and this<br>> system has different<br>> versions of my libraries into /usr/lib, execv calls will link into the<br>> system ones, not mine...<br>> There must be a way to have everything link into my environement... :(<br>> Hm, maybe RPATH is the solution<br>> http://en.wikipedia.org/wiki/Rpath_%28linking%29<br>> Simon<br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Simon Matter<br>> A: Gabriele Bulfon<br>> Cc: Clement Hermann (nodens)<br>> info-cyrus@lists.andrew.cmu.edu<br>> Data: 4 novembre 2010 9.50.00 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> Thanx, here is the output of master proc, and it looks it has all the<br>> needed environment:<br>> =================================================================================<br>> [sonicle@sl imap]$ ps -ef | fgrep master<br>> root 3370 1 0 09:26 pts/1 00:00:00 sh /sonicle/scripts/envrun<br>> /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf<br>> -p /sonicle/var/run/cyrus-master.pid<br>> sonicle 3372 3370 0 09:26 pts/1 00:00:00 /sonicle/bin/master -C<br>> /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p<br>> /sonicle/var/run/cyrus-master.pid<br>> sonicle 3381 2555 0 09:26 pts/1 00:00:00 fgrep master<br>> [sonicle@sl imap]$ strings /proc/3372/environ<br>> strings: /proc/3372/environ: Permission denied<br>> [sonicle@sl imap]$ sudo strings /proc/3372/environ<br>> LDFLAGS=-L/sonicle/lib<br>> MANPATH=/sonicle/man:/sonicle/ssl/man:<br>> HOSTNAME=sl.sonicle.com<br>> SHELL=/bin/bash<br>> TERM=xterm<br>> HISTSIZE=1000<br>> CPPFLAGS=-I/sonicle/include<br>> USER=root<br>> LD_LIBRARY_PATH=/sonicle/lib:<br>> I don't know if it hurts but that should really be<br>> LD_LIBRARY_PATH=/sonicle/lib<br>> LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:<br>> SUDO_USER=sonicle<br>> SUDO_UID=501<br>> CXXFLAGS=-I/sonicle/include<br>> USERNAME=root<br>> PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin<br>> MAIL=/var/spool/mail/sonicle<br>> SUDO=sudo<br>> PWD=/sonicle/var/log/imap<br>> INPUTRC=/etc/inputrc<br>> LANG=en_US.UTF-8<br>> SHLVL=1<br>> SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C<br>> /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p<br>> /sonicle/var/run/cyrus-master.pid<br>> HOME=/home/sonicle<br>> TERMINFO=/sonicle/lib/terminfo<br>> CFLAGS=-I/sonicle/include<br>> LOGNAME=root<br>> PGDATA=/sonicle/pgdata<br>> SUDO_GID=501<br>> _=/sonicle/bin/master<br>> =====================================================================<br>> I tried connecting to local port 143, it connects and then waits forever.<br>> After that, I get this into imapd.log :<br>> Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd<br>> Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled<br>> against 4.8.30, linked against 4.3.29<br>> Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version<br>> Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by<br>> 11<br>> Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state:<br>> terminated abnormally<br>> And then many retries....<br>> To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it).<br>> That's why I asked for the environment dump on an imapd process. Please<br>> check it because there you will see how LD_LIBRARY_PATH looks like.<br>> If it's difficult to get a long running imapd process you could use a<br>> preforked cyrus.conf for that.<br>> Simon<br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Simon Matter<br>> A: Gabriele Bulfon<br>> Cc: Clement Hermann (nodens)<br>> info-cyrus@lists.andrew.cmu.edu<br>> Data: 4 novembre 2010 7.11.08 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> Thanx, I understand what you mean, but I'm also supposed to stop and start<br>> the same deamon<br>> from this user again, manually, without su.<br>> I already solved the sudo problem, by wrapping the master launch inside a<br>> shell that will<br>> set the environment for it, and infact it does.<br>> What happens is later, when master forks and change user.<br>> Why is it again loosing my environment?<br>> That's really interesting because in my tests it seems to have worked.<br>> Could you show us "strings /proc/<br>> /environ" and "strings<br>> /proc/<br>> /environ"?<br>> BTW, are you running Linux or another *X?<br>> Simon<br>> I just want the binaries to override system libs with mine :)<br>> (of course I could set system environemnt inside master profile or<br>> elsewhere, but this is not what I want to do. I can't touch any root<br>> system behaviour)<br>> Thanx again :)<br>> Gabriele.<br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Clement Hermann (nodens)<br>> A: info-cyrus@lists.andrew.cmu.edu<br>> Data: 3 novembre 2010 20.59.53 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> Le 03/11/2010 18:03, Gabriele Bulfon a écrit :<br>> Thanx for the quick reply ;)<br>> Yes, environment is correctly exported.<br>> Maybe there is something I can tell to Linux so that it gives my<br>> environement to anyone<br>> changing user to myuser?<br>> You are not supposed to use sudo to do this. The correct way is to login<br>> as root (or change identity via su -, or let init run the init script<br>> for you at startup), and launch the init script to start cyrus master,<br>> which will drop privileges when forking to child processes (imapd,<br>> pop3d, etc).<br>> sudo *will* remove some environment variables, as a security mesure.<br>> It could be that the best way to achieve what you want is to modify an<br>> existing binary package of cyrus imapd for your distribution, modifiying<br>> only the user-related configure options and configuration scripts.<br>> Cheers,<br>> --<br>> Clement Hermann (nodens)<br>> - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?"<br>> Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/<br>> Vous trouverez ma clef publique sur le serveur public pgp.mit.edu.<br>> Please find my public key on the public keyserver pgp.mit.edu.<br>> ----<br>> Cyrus Home Page: http://www.cyrusimap.org/<br>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br>> ----<br>> Cyrus Home Page: http://www.cyrusimap.org/<br>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br>> ----<br>> Cyrus Home Page: http://www.cyrusimap.org/<br>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br>><br><br><br><br><br><br></tt></blockquote></div>
<pre>----<br>Cyrus Home Page: http://www.cyrusimap.org/<br>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br></pre></blockquote></div>