> omg, I also noticed that saslauthd has the correct reference of libdb: > [sonicle@sl cyrus-sasl-2.1.23]$ ldd /sonicle/sbin/saslauthd > linux-gate.so.1 =(0x00531000) > libcrypt.so.1 =/lib/libcrypt.so.1 (0x07121000) > libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) > libldap-2.4.so.2 =/sonicle/lib/libldap-2.4.so.2 (0x00260000) > liblber-2.4.so.2 =/sonicle/lib/liblber-2.4.so.2 (0x00ec5000) > libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x00110000) > libc.so.6 =/lib/libc.so.6 (0x007bd000) > libdb-4.8.so =/sonicle/lib/libdb-4.8.so (0x002a8000) > libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00457000) > libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x00471000) > libdl.so.2 =/lib/libdl.so.2 (0x00918000) > libz.so.1 =/sonicle/lib/libz.so.1 (0x00d30000) > /lib/ld-linux.so.2 (0x0079e000) > libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) > I compiled both sasl and imap with "--with-bdb-libdir=/sonicle/lib", but > sasl shows it correct, > while imap shows it bad..... I'm using --with-bdb-incdir= for cyrus-imapd, maybe you should try it. Simon > -= Mail sent through WebTop2 =- > Da: > Gabriele Bulfon > A: > Simon Matter > Cc: > info-cyrus@xxxxxxxxxxxxxxxxxxxx > Data: > 4 novembre 2010 10.43.07 CET > Oggetto: > Re: Running Cyrus Imap under a different user > Thanx Simon, I will consider your suggestion after trying another step. > I tried this: > [sonicle@sl cyrus-imapd-2.4.2]$ ldd /sonicle/bin/ctl_cyrusdb > linux-gate.so.1 =(0x0047d000) > libsasl2.so.2 =/sonicle/lib/libsasl2.so.2 (0x00ee9000) > libgssapi_krb5.so.2 =/sonicle/lib/libgssapi_krb5.so.2 (0x00d64000) > libkrb5.so.3 =/sonicle/lib/libkrb5.so.3 (0x00110000) > libk5crypto.so.3 =/sonicle/lib/libk5crypto.so.3 (0x00446000) > libcom_err.so.3 =/sonicle/lib/libcom_err.so.3 (0x00a92000) > libkrb5support.so.0 =/sonicle/lib/libkrb5support.so.0 (0x00c48000) > libresolv.so.2 =/lib/libresolv.so.2 (0x00cf8000) > libssl.so.0.9.8 =/sonicle/lib/libssl.so.0.9.8 (0x001d4000) > libcrypto.so.0.9.8 =/sonicle/lib/libcrypto.so.0.9.8 (0x0021a000) > libdb-4.3.so =/lib/libdb-4.3.so (0x07345000) > libz.so.1 =/sonicle/lib/libz.so.1 (0x00361000) > libc.so.6 =/lib/libc.so.6 (0x007bd000) > libdl.so.2 =/lib/libdl.so.2 (0x00918000) > libpthread.so.0 =/lib/libpthread.so.0 (0x0094a000) > /lib/ld-linux.so.2 (0x0079e000) > As you can see, all my libraries are considered (instead of system ones) > but not libdb ( > libdb-4.3.so =/lib/libdb-4.3.so > ). This sounds strange as I compiled with --with-bdb=/sonicle , and > actually the errors in imapd states that the binaries were compiled > against libdb-4.8.30 (my /sonicle/lib one) but linking against > libdb-4.3.....I'm confused.... > -= Mail sent through WebTop2 =- > ---------------------------------------------------------------------------------- > Da: Simon Matter > A: Gabriele Bulfon > Cc: Clement Hermann (nodens) > info-cyrus@xxxxxxxxxxxxxxxxxxxx > Data: 4 novembre 2010 10.33.01 CET > Oggetto: Re: Running Cyrus Imap under a different user > The system is a Scientific Linux. > The imapd process just tries to exec and then fails and exit, as you can > see from the log. > This happens on any process that master tries to execv (e.g. > ctl_cyrusdb,imapd and s on). > Reading around, looks like execv brings all the parent environment, but > not LD_LIBRARY_PATH, > for some security reason.... > In my case, to be sure that my daemons always run my own versions of the > libraries, I just > compiled BerkeleyDB from sources, into my /sonicle/lib. > Then I compiled cyrus against it. > Problem is, if I bring my prebuilt package into another system, and this > system has different > versions of my libraries into /usr/lib, execv calls will link into the > system ones, not mine... > There must be a way to have everything link into my environement... :( > Hm, maybe RPATH is the solution > http://en.wikipedia.org/wiki/Rpath_%28linking%29 > Simon > -= Mail sent through WebTop2 =- > ---------------------------------------------------------------------------------- > Da: Simon Matter > A: Gabriele Bulfon > Cc: Clement Hermann (nodens) > info-cyrus@xxxxxxxxxxxxxxxxxxxx > Data: 4 novembre 2010 9.50.00 CET > Oggetto: Re: Running Cyrus Imap under a different user > Thanx, here is the output of master proc, and it looks it has all the > needed environment: > ================================================================================= > [sonicle@sl imap]$ ps -ef | fgrep master > root 3370 1 0 09:26 pts/1 00:00:00 sh /sonicle/scripts/envrun > /sonicle/bin/master -C /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf > -p /sonicle/var/run/cyrus-master.pid > sonicle 3372 3370 0 09:26 pts/1 00:00:00 /sonicle/bin/master -C > /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p > /sonicle/var/run/cyrus-master.pid > sonicle 3381 2555 0 09:26 pts/1 00:00:00 fgrep master > [sonicle@sl imap]$ strings /proc/3372/environ > strings: /proc/3372/environ: Permission denied > [sonicle@sl imap]$ sudo strings /proc/3372/environ > LDFLAGS=-L/sonicle/lib > MANPATH=/sonicle/man:/sonicle/ssl/man: > HOSTNAME=sl.sonicle.com > SHELL=/bin/bash > TERM=xterm > HISTSIZE=1000 > CPPFLAGS=-I/sonicle/include > USER=root > LD_LIBRARY_PATH=/sonicle/lib: > I don't know if it hurts but that should really be > LD_LIBRARY_PATH=/sonicle/lib > LS_COLORSo=00:fi=00:di=01;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35: > SUDO_USER=sonicle > SUDO_UID=501 > CXXFLAGS=-I/sonicle/include > USERNAME=root > PATH=/sonicle/scripts:/sonicle/sbin:/sonicle/java/bin:/sonicle/bin:/sonicle/bacula/etc:/sonicle/mysql/bin:/usr/bin:/bin > MAIL=/var/spool/mail/sonicle > SUDO=sudo > PWD=/sonicle/var/log/imap > INPUTRC=/etc/inputrc > LANG=en_US.UTF-8 > SHLVL=1 > SUDO_COMMAND=/sonicle/scripts/envrun /sonicle/bin/master -C > /sonicle/etc/imapd.conf -M /sonicle/etc/cyrus.conf -p > /sonicle/var/run/cyrus-master.pid > HOME=/home/sonicle > TERMINFO=/sonicle/lib/terminfo > CFLAGS=-I/sonicle/include > LOGNAME=root > PGDATA=/sonicle/pgdata > SUDO_GID=501 > _=/sonicle/bin/master > ===================================================================== > I tried connecting to local port 143, it connects and then waits forever. > After that, I get this into imapd.log : > Nov 4 09:24:55 sl master[3341]: about to exec /sonicle/bin/imapd > Nov 4 09:24:55 sl imap[3341]: incorrect version of Berkeley db: compiled > against 4.8.30, linked against 4.3.29 > Nov 4 09:24:55 sl imap[3341]: Fatal error: wrong db version > Nov 4 09:24:55 sl master[2581]: process 3341 exited, signaled to death by > 11 > Nov 4 09:24:55 sl master[2581]: service imap pid 3341 in READY state: > terminated abnormally > And then many retries.... > To me, looks like imapd has no more my LD_LIBRARY_PATH (master has it). > That's why I asked for the environment dump on an imapd process. Please > check it because there you will see how LD_LIBRARY_PATH looks like. > If it's difficult to get a long running imapd process you could use a > preforked cyrus.conf for that. > Simon > -= Mail sent through WebTop2 =- > ---------------------------------------------------------------------------------- > Da: Simon Matter > A: Gabriele Bulfon > Cc: Clement Hermann (nodens) > info-cyrus@xxxxxxxxxxxxxxxxxxxx > Data: 4 novembre 2010 7.11.08 CET > Oggetto: Re: Running Cyrus Imap under a different user > Thanx, I understand what you mean, but I'm also supposed to stop and start > the same deamon > from this user again, manually, without su. > I already solved the sudo problem, by wrapping the master launch inside a > shell that will > set the environment for it, and infact it does. > What happens is later, when master forks and change user. > Why is it again loosing my environment? > That's really interesting because in my tests it seems to have worked. > Could you show us "strings /proc/ > /environ" and "strings > /proc/ > /environ"? > BTW, are you running Linux or another *X? > Simon > I just want the binaries to override system libs with mine :) > (of course I could set system environemnt inside master profile or > elsewhere, but this is not what I want to do. I can't touch any root > system behaviour) > Thanx again :) > Gabriele. > -= Mail sent through WebTop2 =- > ---------------------------------------------------------------------------------- > Da: Clement Hermann (nodens) > A: info-cyrus@xxxxxxxxxxxxxxxxxxxx > Data: 3 novembre 2010 20.59.53 CET > Oggetto: Re: Running Cyrus Imap under a different user > Le 03/11/2010 18:03, Gabriele Bulfon a écrit : > Thanx for the quick reply ;) > Yes, environment is correctly exported. > Maybe there is something I can tell to Linux so that it gives my > environement to anyone > changing user to myuser? > You are not supposed to use sudo to do this. The correct way is to login > as root (or change identity via su -, or let init run the init script > for you at startup), and launch the init script to start cyrus master, > which will drop privileges when forking to child processes (imapd, > pop3d, etc). > sudo *will* remove some environment variables, as a security mesure. > It could be that the best way to achieve what you want is to modify an > existing binary package of cyrus imapd for your distribution, modifiying > only the user-related configure options and configuration scripts. > Cheers, > -- > Clement Hermann (nodens) > - "L'air pur ? c'est pas en RL, ça ? c'est pas hors charte ?" > Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/ > Vous trouverez ma clef publique sur le serveur public pgp.mit.edu. > Please find my public key on the public keyserver pgp.mit.edu. > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
