Running Cyrus Imap under a different user

Gabriele Bulfon gbulfon at sonicle.com
Thu Nov 4 04:15:51 EDT 2010 

Thanx, here is the output of master proc, and it looks it has all the needed environment:
=================================================================================
[sonicle at sl imap]$ ps -ef | fgrep master
root      3370     1  0 09:26 pts/1    00:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid
sonicle   3372  3370  0 09:26 pts/1    00:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid
sonicle   3381  2555  0 09:26 pts/1    00:00:00 fgrep master
[sonicle at sl imap]$ strings /proc/3372/environ
strings: /proc/3372/environ: Permission denied
[sonicle at sl imap]$ sudo strings /proc/3372/environ
LDFLAGS=-L/sonicle/lib
MANPATH=/sonicle/man:/sonicle/ssl/man:
HOSTNAME=sl.sonicle.com
SHELL=/bin/bash
TERM=xterm
HISTSIZE=1000
CPPFLAGS=-I/sonicle/include
USER=root
LD_LIBRARY_PATH=/sonicle/lib:
LS_COLORS=no=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
SUDO_USER=sonicle
SUDO_UID=501
CXXFLAGS=-I/sonicle/include
USERNAME=root
PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin
MAIL=/var/spool/mail/sonicle
SUDO=sudo
PWD=/sonicle/var/log/imap
INPUTRC=/etc/inputrc
LANG=en_US.UTF-8
SHLVL=1
SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid
HOME=/home/sonicle
TERMINFO=/sonicle/lib/terminfo
CFLAGS=-I/sonicle/include
LOGNAME=root
PGDATA=/sonicle/pgdata
SUDO_GID=501
_=/sonicle/bin/master
=====================================================================
I tried connecting to local port 143, it connects and then waits forever.
After that, I get this into imapd.log :
Nov  4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd
Nov  4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29
Nov  4 09:24:55 sl imap[3341]: Fatal error: wrong db version
Nov  4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by 11
Nov  4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: terminated abnormally
And then many retries....
To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it).
-= Mail sent through WebTop2 =-
----------------------------------------------------------------------------------
Da: Simon Matter
A: Gabriele Bulfon
Cc: Clement Hermann (nodens)
info-cyrus at lists.andrew.cmu.edu
Data: 4 novembre 2010 7.11.08 CET
Oggetto: Re: Running Cyrus Imap under a different user
Thanx, I understand what you mean, but I'm also supposed to stop and start
the same deamon
from this user again, manually, without su.
I already solved the sudo problem, by wrapping the master launch inside a
shell that will
set the environment for it, and infact it does.
What happens is later, when master forks and change user.
Why is it again loosing my environment?
That's really interesting because in my tests it seems to have worked.
Could you show us "strings /proc/
/environ" and "strings
/proc/
/environ"?
BTW, are you running Linux or another *X?
Simon
I just want the binaries to override system libs with mine :)
(of course I could set system environemnt inside master profile or
elsewhere, but this is not what I want to do. I can't touch any root
system behaviour)
Thanx again :)
Gabriele.
-= Mail sent through WebTop2 =-
----------------------------------------------------------------------------------
Da: Clement Hermann (nodens)
A: info-cyrus at lists.andrew.cmu.edu
Data: 3 novembre 2010 20.59.53 CET
Oggetto: Re: Running Cyrus Imap under a different user
Le 03/11/2010 18:03, Gabriele Bulfon a écrit :
Thanx for the quick reply ;)
Yes, environment is correctly exported.
Maybe there is something I can tell to Linux so that it gives my
environement to anyone
changing user to myuser?
You are not supposed to use sudo to do this. The correct way is to login
as root (or change identity via su -, or let init run the init script
for you at startup), and launch the init script to start cyrus master,
which will drop privileges when forking to child processes (imapd,
pop3d, etc).
sudo *will* remove some environment variables, as a security mesure.
It could be that the best way to achieve what you want is to modify an
existing binary package of cyrus imapd for your distribution, modifiying
only the user-related configure options and configuration scripts.
Cheers,
--
Clement Hermann (nodens)
- "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?"
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/
Vous trouverez ma clef publique sur le serveur public pgp.mit.edu.
Please find my public key on the public keyserver pgp.mit.edu.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20101104/51dc370f/attachment-0001.html

More information about the Info-cyrus mailing list