Thanx Simon, I will consider your suggestion after trying another step.
I tried this:

[soni...@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb
        linux-gate.so.1 =>  (0x0047d000)
        libsasl2.so.2 => /sonicle/lib/libsasl2.so.2 (0x00ee9000)
        libgssapi_krb5.so.2 => /sonicle/lib/libgssapi_krb5.so.2 (0x00d64000)
        libkrb5.so.3 => /sonicle/lib/libkrb5.so.3 (0x00110000)
        libk5crypto.so.3 => /sonicle/lib/libk5crypto.so.3 (0x00446000)
        libcom_err.so.3 => /sonicle/lib/libcom_err.so.3 (0x00a92000)
        libkrb5support.so.0 => /sonicle/lib/libkrb5support.so.0 (0x00c48000)
        libresolv.so.2 => /lib/libresolv.so.2 (0x00cf8000)
        libssl.so.0.9.8 => /sonicle/lib/libssl.so.0.9.8 (0x001d4000)
        libcrypto.so.0.9.8 => /sonicle/lib/libcrypto.so.0.9.8 (0x0021a000)
        libdb-4.3.so => /lib/libdb-4.3.so (0x07345000)
        libz.so.1 => /sonicle/lib/libz.so.1 (0x00361000)
        libc.so.6 => /lib/libc.so.6 (0x007bd000)
        libdl.so.2 => /lib/libdl.so.2 (0x00918000)
        libpthread.so.0 => /lib/libpthread.so.0 (0x0094a000)
        /lib/ld-linux.so.2 (0x0079e000)

As you can see, all my libraries are considered (instead of system ones) but not libdb ( libdb-4.3.so => /lib/libdb-4.3.so ).
This sounds strange as I compiled with --with-bdb=/sonicle , and actually the errors in imapd state that the binaries were compiled against libdb-4.8.30 (my /sonicle/lib one) but linking against libdb-4.3..... I'm confused....

-= Mail sent through WebTop2 =-

----------------------------------------------------------------------------------
From: Simon Matter
To: Gabriele Bulfon
Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu
Date: 4 November 2010 10.33.01 CET
Subject: Re: Running Cyrus Imap under a different user

The system is a Scientific Linux. The imapd process just tries to exec and then fails and exits, as you can see from the log. This happens on any process that master tries to execv (e.g. ctl_cyrusdb, imapd and so on).
Reading around, looks like execv brings all the parent environment, but not LD_LIBRARY_PATH, for some security reason....
In my case, to be sure that my daemons always run my own versions of the libraries, I just compiled BerkeleyDB from sources, into my /sonicle/lib. Then I compiled cyrus against it.
Problem is, if I bring my prebuilt package into another system, and this system has different versions of my libraries in /usr/lib, execv calls will link into the system ones, not mine...
There must be a way to have everything link into my environment... :(

Hm, maybe RPATH is the solution
http://en.wikipedia.org/wiki/Rpath_%28linking%29

Simon

----------------------------------------------------------------------------------
From: Simon Matter
To: Gabriele Bulfon
Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu
Date: 4 November 2010 9.50.00 CET
Subject: Re: Running Cyrus Imap under a different user

Thanx, here is the output of master proc, and it looks like it has all the needed environment:

=================================================================================
[soni...@sl imap]$ ps -ef | fgrep master
root 3370 1 0 09:26 pts/1 00:00:00 sh /sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid
sonicle 3372 3370 0 09:26 pts/1 00:00:00 /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid
sonicle 3381 2555 0 09:26 pts/1 00:00:00 fgrep master
[soni...@sl imap]$ strings /proc/3372/environ
strings: /proc/3372/environ: Permission denied
[soni...@sl imap]$ sudo strings /proc/3372/environ
LDFLAGS=-L/sonicle/lib
MANPATH=/sonicle/man:/sonicle/ssl/man:
HOSTNAME=sl.sonicle.com
SHELL=/bin/bash
TERM=xterm
HISTSIZE=1000
CPPFLAGS=-I/sonicle/include
USER=root
LD_LIBRARY_PATH=/sonicle/lib:

I don't know if it hurts but that should really be
LD_LIBRARY_PATH=/sonicle/lib
LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
SUDO_USER=sonicle
SUDO_UID=501
CXXFLAGS=-I/sonicle/include
USERNAME=root
PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin
MAIL=/var/spool/mail/sonicle
SUDO=sudo
PWD=/sonicle/var/log/imap
INPUTRC=/etc/inputrc
LANG=en_US.UTF-8
SHLVL=1
SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p /sonicle/var/run/cyrus-master.pid
HOME=/home/sonicle
TERMINFO=/sonicle/lib/terminfo
CFLAGS=-I/sonicle/include
LOGNAME=root
PGDATA=/sonicle/pgdata
SUDO_GID=501
_=/sonicle/bin/master
=====================================================================

I tried connecting to local port 143, it connects and then waits forever.
After that, I get this in imapd.log :

Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd
Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled against 4.8.30, linked against 4.3.29
Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version
Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by 11
Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: terminated abnormally

And then many retries....
To me, looks like imapd no longer has my LD_LIBRARY_PATH (master has it).

That's why I asked for the environment dump on an imapd process. Please check it because there you will see what LD_LIBRARY_PATH looks like. If it's difficult to get a long running imapd process you could use a preforked cyrus.conf for that.
Simon

----------------------------------------------------------------------------------
From: Simon Matter
To: Gabriele Bulfon
Cc: Clement Hermann (nodens) info-cyrus@lists.andrew.cmu.edu
Date: 4 November 2010 7.11.08 CET
Subject: Re: Running Cyrus Imap under a different user

Thanx, I understand what you mean, but I'm also supposed to stop and start the same daemon from this user again, manually, without su.
I already solved the sudo problem, by wrapping the master launch inside a shell that will set the environment for it, and in fact it does.
What happens is later, when master forks and changes user. Why is it again losing my environment?

That's really interesting because in my tests it seems to have worked.
Could you show us "strings /proc/ /environ" and "strings /proc/ /environ"?
BTW, are you running Linux or another *X?

Simon

I just want the binaries to override system libs with mine :)
(of course I could set system environment inside master profile or elsewhere, but this is not what I want to do. I can't touch any root system behaviour)
Thanx again :)
Gabriele.

----------------------------------------------------------------------------------
From: Clement Hermann (nodens)
To: info-cyrus@lists.andrew.cmu.edu
Date: 3 November 2010 20.59.53 CET
Subject: Re: Running Cyrus Imap under a different user

On 03/11/2010 18:03, Gabriele Bulfon wrote:

Thanx for the quick reply ;)
Yes, environment is correctly exported.
Maybe there is something I can tell to Linux so that it gives my environment to anyone changing user to myuser?

You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child processes (imapd, pop3d, etc).
sudo *will* remove some environment variables, as a security measure.
It could be that the best way to achieve what you want is to modify an existing binary package of cyrus imapd for your distribution, modifying only the user-related configure options and configuration scripts.

Cheers,

--
Clement Hermann (nodens)
- "Pure air? That's not in RL, is it? Isn't that off-charter?"
  Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Please find my public key on the public keyserver pgp.mit.edu.

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
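
An added example, not part of the original thread: a shell filter that reads `ldd` output like the one posted above and reports every privately built library that was resolved outside the private prefix. The function names `foreign_libs` and `sample_ldd`, the list of library stems and the abbreviated sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report privately built libraries that
# were resolved outside the private prefix.
# Usage: ldd BINARY | foreign_libs PREFIX STEM...
#   PREFIX  directory holding the private builds, e.g. /sonicle/lib
#   STEM    library stems expected to come from PREFIX, e.g. libdb libssl
foreign_libs() {
    prefix=$1; shift
    awk -v prefix="$prefix" -v stems="$*" '
        BEGIN { n = split(stems, want, " ") }
        # Lines without "=>" (the ld-linux loader) name no resolved file.
        $2 == "=>" {
            for (i = 1; i <= n; i++) {
                # Stem "libdb" matches libdb-4.3.so and libdb.so.4, not libdbus.
                if (index($1, want[i]) != 1) continue
                next_ch = substr($1, length(want[i]) + 1, 1)
                if (next_ch != "." && next_ch != "-") continue
                if ($3 == "not") print $1, "NOT-FOUND"
                else if (index($3, prefix "/") != 1) print $1, $3
            }
        }'
}

# Constructed sample: abbreviated from the ldd output posted in the thread.
sample_ldd() {
    cat <<'EOF'
	linux-gate.so.1 =>  (0x0047d000)
	libsasl2.so.2 => /sonicle/lib/libsasl2.so.2 (0x00ee9000)
	libssl.so.0.9.8 => /sonicle/lib/libssl.so.0.9.8 (0x001d4000)
	libdb-4.3.so => /lib/libdb-4.3.so (0x07345000)
	libc.so.6 => /lib/libc.so.6 (0x007bd000)
	/lib/ld-linux.so.2 (0x0079e000)
EOF
}

# Prints: libdb-4.3.so /lib/libdb-4.3.so
sample_ldd | foreign_libs /sonicle/lib libsasl2 libssl libcrypto libdb
```

The left-hand column of `ldd` output is the name the binary itself requests, so a `libdb-4.3.so` entry there is recorded in the binary and is not something the search path chose. `readelf -d` on the binary lists those NEEDED entries along with any RPATH or RUNPATH.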