<div style="font-family: Verdana; font-size: 12px;">omg, I also noticed that saslauthd has the correct reference of libdb:<br><br>[sonicle@sl cyrus-sasl-2.1.23]$ ldd /sonicle/sbin/saslauthd<br> linux-gate.so.1 => (0x00531000)<br> libcrypt.so.1 => /lib/libcrypt.so.1 (0x07121000)<br> libresolv.so.2 => /lib/libresolv.so.2 (0x00cf8000)<br> libldap-2.4.so.2 => /sonicle/lib/libldap-2.4.so.2 (0x00260000)<br> liblber-2.4.so.2 => /sonicle/lib/liblber-2.4.so.2 (0x00ec5000)<br> libcrypto.so.0.9.8 => /sonicle/lib/libcrypto.so.0.9.8 (0x00110000)<br> libc.so.6 => /lib/libc.so.6 (0x007bd000)<br> libdb-4.8.so => /sonicle/lib/libdb-4.8.so (0x002a8000)<br> libsasl2.so.2 => /sonicle/lib/libsasl2.so.2 (0x00457000)<br> libssl.so.0.9.8 => /sonicle/lib/libssl.so.0.9.8 (0x00471000)<br> libdl.so.2 => /lib/libdl.so.2 (0x00918000)<br> libz.so.1 => /sonicle/lib/libz.so.1 (0x00d30000)<br> /lib/ld-linux.so.2 (0x0079e000)<br> libpthread.so.0 => /lib/libpthread.so.0 (0x0094a000)<br><br><div>I compiled both sasl and imap with "--with-bdb-libdir=/sonicle/lib", but sasl shows it correct,<br>while imap shows it bad.....<br><br><font size="1"> -= Mail sent through WebTop2 =-</font>
</div><br><hr><br><br><font face="Arial, Helvetica, sans-serif" size="2"><b>Da:</b> Gabriele Bulfon <gbulfon@sonicle.com><br><b>A:</b> Simon Matter <simon.matter@invoca.ch> <br><b>Cc:</b> info-cyrus@lists.andrew.cmu.edu <br><b>Data:</b> 4 novembre 2010 10.43.07 CET<br><b>Oggetto:</b> Re: Running Cyrus Imap under a different user<br></font><br><br><blockquote style="border-left: 2px solid rgb(0, 0, 128); margin-left: 5px; padding-left: 5px;"><div style="font-family: Verdana; font-size: 12px;">Thanx Simon, I will consider your suggestion after trying another step.<br><br>I tried this:<br><br><font face="courier new">[sonicle@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb<br> linux-gate.so.1 => (0x0047d000)<br> libsasl2.so.2 => /sonicle/lib/libsasl2.so.2 (0x00ee9000)<br> libgssapi_krb5.so.2 => /sonicle/lib/libgssapi_krb5.so.2 (0x00d64000)<br> libkrb5.so.3 => /sonicle/lib/libkrb5.so.3 (0x00110000)<br> libk5crypto.so.3 => /sonicle/lib/libk5crypto.so.3 (0x00446000)<br> libcom_err.so.3 => /sonicle/lib/libcom_err.so.3 (0x00a92000)<br> libkrb5support.so.0 => /sonicle/lib/libkrb5support.so.0 (0x00c48000)<br> libresolv.so.2 => /lib/libresolv.so.2 (0x00cf8000)<br> libssl.so.0.9.8 => /sonicle/lib/libssl.so.0.9.8 (0x001d4000)<br> libcrypto.so.0.9.8 => /sonicle/lib/libcrypto.so.0.9.8 (0x0021a000)<br> libdb-4.3.so => /lib/libdb-4.3.so (0x07345000)<br> libz.so.1 => /sonicle/lib/libz.so.1 (0x00361000)<br> libc.so.6 => /lib/libc.so.6 (0x007bd000)<br> libdl.so.2 => /lib/libdl.so.2 (0x00918000)<br> libpthread.so.0 => /lib/libpthread.so.0 (0x0094a000)<br> /lib/ld-linux.so.2 (0x0079e000)<br></font><br><br>As you can see, all my libraries are considered (instead of system ones) but not libdb ( <font face="courier new">libdb-4.3.so => /lib/libdb-4.3.so</font> ). This sounds strange as I compiled with --with-bdb=/sonicle , and actually the errors in imapd states that the binaries were compiled against libdb-4.8.30 (my /sonicle/lib one) but linking against libdb-4.3.....I'm confused....<br><br><div><br><font size="1"> -= Mail sent through WebTop2 =-</font>
</div><tt><br><br><br>----------------------------------------------------------------------------------<br><br>Da: Simon Matter <simon.matter@invoca.ch><br>A: Gabriele Bulfon <gbulfon@sonicle.com> <br>Cc: Clement Hermann (nodens) <nodens2099@gmail.com> info-cyrus@lists.andrew.cmu.edu <br>Data: 4 novembre 2010 10.33.01 CET<br>Oggetto: Re: Running Cyrus Imap under a different user<br><br></tt><blockquote style="border-left: 2px solid rgb(0, 0, 128); margin-left: 5px; padding-left: 5px;"><tt>> The system is a Scientific Linux.<br>> The imapd process just tries to exec and then fails and exit, as you can<br>> see from the log.<br>> This happens on any process that master tries to execv (e.g.<br>> ctl_cyrusdb,imapd and s on).<br>> Reading around, looks like execv brings all the parent environment, but<br>> not LD_LIBRARY_PATH,<br>> for some security reason....<br>> In my case, to be sure that my daemons always run my own versions of the<br>> libraries, I just<br>> compiled BerkeleyDB from sources, into my /sonicle/lib.<br>> Then I compiled cyrus against it.<br>> Problem is, if I bring my prebuilt package into another system, and this<br>> system has different<br>> versions of my libraries into /usr/lib, execv calls will link into the<br>> system ones, not mine...<br>> There must be a way to have everything link into my environement... :(<br><br>Hm, maybe RPATH is the solution<br>http://en.wikipedia.org/wiki/Rpath_%28linking%29<br><br>Simon<br><br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Simon Matter<br>> A: Gabriele Bulfon<br>> Cc: Clement Hermann (nodens)<br>> info-cyrus@lists.andrew.cmu.edu<br>> Data: 4 novembre 2010 9.50.00 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> Thanx, here is the output of master proc, and it looks it has all the<br>> needed environment:<br>> =================================================================================<br>> [sonicle@sl imap]$ ps -ef | fgrep master<br>> root 3370 1 0 09:26 pts/1 00:00:00 sh /sonicle/scripts/envrun<br>> /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf<br>> -p /sonicle/var/run/cyrus-master.pid<br>> sonicle 3372 3370 0 09:26 pts/1 00:00:00 /sonicle/bin/master -C<br>> /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p<br>> /sonicle/var/run/cyrus-master.pid<br>> sonicle 3381 2555 0 09:26 pts/1 00:00:00 fgrep master<br>> [sonicle@sl imap]$ strings /proc/3372/environ<br>> strings: /proc/3372/environ: Permission denied<br>> [sonicle@sl imap]$ sudo strings /proc/3372/environ<br>> LDFLAGS=-L/sonicle/lib<br>> MANPATH=/sonicle/man:/sonicle/ssl/man:<br>> HOSTNAME=sl.sonicle.com<br>> SHELL=/bin/bash<br>> TERM=xterm<br>> HISTSIZE=1000<br>> CPPFLAGS=-I/sonicle/include<br>> USER=root<br>> LD_LIBRARY_PATH=/sonicle/lib:<br>> I don't know if it hurts but that should really be<br>> LD_LIBRARY_PATH=/sonicle/lib<br>> LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:<br>> SUDO_USER=sonicle<br>> SUDO_UID=501<br>> CXXFLAGS=-I/sonicle/include<br>> USERNAME=root<br>> PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin<br>> MAIL=/var/spool/mail/sonicle<br>> SUDO=sudo<br>> PWD=/sonicle/var/log/imap<br>> INPUTRC=/etc/inputrc<br>> LANG=en_US.UTF-8<br>> SHLVL=1<br>> SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C<br>> /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p<br>> /sonicle/var/run/cyrus-master.pid<br>> HOME=/home/sonicle<br>> TERMINFO=/sonicle/lib/terminfo<br>> CFLAGS=-I/sonicle/include<br>> LOGNAME=root<br>> PGDATA=/sonicle/pgdata<br>> SUDO_GID=501<br>> _=/sonicle/bin/master<br>> =====================================================================<br>> I tried connecting to local port 143, it connects and then waits forever.<br>> After that, I get this into imapd.log :<br>> Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd<br>> Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled<br>> against 4.8.30, linked against 4.3.29<br>> Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version<br>> Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by<br>> 11<br>> Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state:<br>> terminated abnormally<br>> And then many retries....<br>> To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it).<br>> That's why I asked for the environment dump on an imapd process. Please<br>> check it because there you will see how LD_LIBRARY_PATH looks like.<br>> If it's difficult to get a long running imapd process you could use a<br>> preforked cyrus.conf for that.<br>> Simon<br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Simon Matter<br>> A: Gabriele Bulfon<br>> Cc: Clement Hermann (nodens)<br>> info-cyrus@lists.andrew.cmu.edu<br>> Data: 4 novembre 2010 7.11.08 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> Thanx, I understand what you mean, but I'm also supposed to stop and start<br>> the same deamon<br>> from this user again, manually, without su.<br>> I already solved the sudo problem, by wrapping the master launch inside a<br>> shell that will<br>> set the environment for it, and infact it does.<br>> What happens is later, when master forks and change user.<br>> Why is it again loosing my environment?<br>> That's really interesting because in my tests it seems to have worked.<br>> Could you show us "strings /proc/<br>> /environ" and "strings<br>> /proc/<br>> /environ"?<br>> BTW, are you running Linux or another *X?<br>> Simon<br>> I just want the binaries to override system libs with mine :)<br>> (of course I could set system environemnt inside master profile or<br>> elsewhere, but this is not what I want to do. I can't touch any root<br>> system behaviour)<br>> Thanx again :)<br>> Gabriele.<br>> -= Mail sent through WebTop2 =-<br>> ----------------------------------------------------------------------------------<br>> Da: Clement Hermann (nodens)<br>> A: info-cyrus@lists.andrew.cmu.edu<br>> Data: 3 novembre 2010 20.59.53 CET<br>> Oggetto: Re: Running Cyrus Imap under a different user<br>> Le 03/11/2010 18:03, Gabriele Bulfon a écrit :<br>> Thanx for the quick reply ;)<br>> Yes, environment is correctly exported.<br>> Maybe there is something I can tell to Linux so that it gives my<br>> environement to anyone<br>> changing user to myuser?<br>> You are not supposed to use sudo to do this. The correct way is to login<br>> as root (or change identity via su -, or let init run the init script<br>> for you at startup), and launch the init script to start cyrus master,<br>> which will drop privileges when forking to child processes (imapd,<br>> pop3d, etc).<br>> sudo *will* remove some environment variables, as a security mesure.<br>> It could be that the best way to achieve what you want is to modify an<br>> existing binary package of cyrus imapd for your distribution, modifiying<br>> only the user-related configure options and configuration scripts.<br>> Cheers,<br>> --<br>> Clement Hermann (nodens)<br>> - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?"<br>> Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/<br>> Vous trouverez ma clef publique sur le serveur public pgp.mit.edu.<br>> Please find my public key on the public keyserver pgp.mit.edu.<br>> ----<br>> Cyrus Home Page: http://www.cyrusimap.org/<br>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br>> ----<br>> Cyrus Home Page: http://www.cyrusimap.org/<br>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br>><br><br><br><br><br><br></tt></blockquote></div>
<pre>----<br>Cyrus Home Page: http://www.cyrusimap.org/<br>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/<br></pre></blockquote></div>