Bug 1119630 - cyrus-imapd.service contains bogus User and Group specification
cyrus-imapd.service contains bogus User and Group specification
Status: RESOLVED DUPLICATE of bug 1119629
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other
Current
Other openSUSE Factory
: P5 - None : Major (vote)
: ---
Assigned To: E-mail List
E-mail List
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-12-15 10:36 UTC by Jan Lindemann
Modified: 2018-12-15 11:20 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jan Lindemann 2018-12-15 10:36:18 UTC
Since recently, the cyrus-imapd package contains a native systemd unit file, /usr/lib/systemd/system/cyrus-imapd.service, replacing the auto-generated /run/systemd/generator.late/cyrus.service. As opposed to the latter, the native service specifies the daemon process's user as cyrus and the group as mail. That's broken, since it's the master daemon's own business to setuid() to the daemon user, not systemd's. The master has to open protected ports (imap, 143, among others) before setuid(), and fails if it runs as cyrus:

  master[1372]: unable to create imap listener socket: Permission denied

This is on cyrus-imapd-2.4.19-6.1.x86_64@tumbleweed. Works fine if User= and Group= are omitted from the unit file.
Comment 1 Jan Lindemann 2018-12-15 11:20:15 UTC
Sorry, posted twice.

*** This bug has been marked as a duplicate of bug 1119629 ***