On Fri, Sep 16, 2016, at 07:54 PM, Carlos Velasco wrote:
> >> I think idled ought to become_cyrus itself. It shouldn't continue
> >> running as root even if it was started as root.
> >
> > The attached patch seems to resolve this for me. Karl, does it help in
> > your case?
> >
> > It's against the current cyrus-imapd-2.5 from git, but should apply
> > cleanly to the 2.5.7 sources as well.
>
> This should work.
> Ellie, can you remove a dup in master.c too?
>
> #if defined(__linux__) && defined(HAVE_LIBCAP)
> if (become_cyrus(/*is_master*/1) != 0) {
> syslog(LOG_ERR, "can't change to the cyrus user: %m");
> exit(1);
> }
> #endif
>
> masterconf_getsection("START", &add_start, NULL);
> ....
> #if defined(__linux__) && defined(HAVE_LIBCAP)
> if (become_cyrus(/*is_master*/1) != 0) {
> syslog(LOG_ERR, "can't change to the cyrus user: %m");
> exit(1);
> }
> #endif
>
>
> Last one is a dup.
>
> Regards,
> Carlos Velasco
These aren't duplicated (except in your email). If you read closely,
the second one has the opposite #if condition from the first.
master needs root privileges to initialise its services, unless libcap
is available. What is going on here is:
1) If libcap is available, drop root now, we don't need it anymore
2) Initialise services
3) If libcap is not available, drop root now, we don't need it anymore
Cheers,
ellie
