Bugzilla – Bug 1119630
cyrus-imapd.service contains bogus User and Group specification
Last modified: 2018-12-15 11:20:15 UTC
Since recently, the cyrus-imapd package contains a native systemd unit file, /usr/lib/systemd/system/cyrus-imapd.service, replacing the auto-generated /run/systemd/generator.late/cyrus.service. As opposed to the latter, the native service specifies the daemon process's user as cyrus and the group as mail. That's broken, since it's the master daemon's own business to setuid() to the daemon user, not systemd's. The master has to open protected ports (imap, 143, among others) before setuid(), and fails if it runs as cyrus:
master: unable to create imap listener socket: Permission denied
This is on cyrus-imapd-2.4.19-6.1.x86_64@tumbleweed. Works fine if User= and Group= are omitted from the unit file.
Sorry, posted twice.
*** This bug has been marked as a duplicate of bug 1119629 ***