[Dovecot] v2.0.tip master: service(auth): kill(pid, SIGINT) failed: Operation not permitted

2009-11-11 Thread Pascal Volk 
Hi Timo,

I've configured the user nobody for the the service auth. doveconf -n
# 2.0.alpha3: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 2.6.30-1-amd64 x86_64 Debian squeeze/sid 
…
service auth {
  user = nobody
}
…

The other processes are executed by root (or logged in user):
root  8758  0.0  0.0   2604  1052 ?Ss   07:21   0:00 
/usr/local/sbin/dovecot
root  8759  0.0  0.0   2308   808 ?S07:21   0:00  \_ 
dovecot/anvil
root 10869  0.0  0.0   2308   996 ?S08:18   0:00  \_ dovecot/log
nobody   10884  0.0  0.0   7292  2176 ?S08:18   0:00  \_ 
dovecot/auth

Logins are not a problem. But since the last logout, Dovceot
logs once a minute:
Nov 11 hh:mm:23 el-negro dovecot: master: service(auth): kill(10884, SIGINT) 
failed: Operation not permitted


Regards,
Pascal
-- 
The trapper recommends today: cafefeed.0931...@localdomain.org

Re: [Dovecot] v2.0.tip master: service(auth): kill(pid, SIGINT) failed: Operation not permitted

2009-11-11 Thread Marcus Rueckert 
On 2009-11-11 09:59:55 +0100, Pascal Volk wrote:
 Nov 11 hh:mm:23 el-negro dovecot: master: service(auth): kill(10884, SIGINT) 
 failed: Operation not permitted

you got any security hardening patches running on your machine?

darix

-- 
   openSUSE - SUSE Linux is my linux
   openSUSE is good for you
   www.opensuse.org

Re: [Dovecot] v2.0.tip master: service(auth): kill(pid, SIGINT) failed: Operation not permitted

2009-11-11 Thread Timo Sirainen 
On Wed, 2009-11-11 at 13:36 +0100, Marcus Rueckert wrote:
 On 2009-11-11 09:59:55 +0100, Pascal Volk wrote:
  Nov 11 hh:mm:23 el-negro dovecot: master: service(auth): kill(10884, 
  SIGINT) failed: Operation not permitted
 
 you got any security hardening patches running on your machine?

Oh, I had a thought: libcap. Maybe this helps:
http://hg.dovecot.org/dovecot-2.0/rev/49d92c3fa17a


signature.asc
Description: This is a digitally signed message part

Re: [Dovecot] v2.0.tip master: service(auth): kill(pid, SIGINT) failed: Operation not permitted

2009-11-11 Thread Pascal Volk 
On 11/11/2009 06:51 PM Timo Sirainen wrote:
 On Wed, 2009-11-11 at 13:36 +0100, Marcus Rueckert wrote:
 you got any security hardening patches running on your machine?

No, nothing like SELinux, AppAmor …

 Oh, I had a thought: libcap. Maybe this helps:
 http://hg.dovecot.org/dovecot-2.0/rev/49d92c3fa17a

Yeah, this helps.


Regards,
Pascal
-- 
The trapper recommends today: 5e1f1e55.0931...@localdomain.org