RFE: Option to not become the cyrus user

[jasontibbitts]

I'm trying to get cassandane to run as part of my distro package build process. This means I get all of the testing our CI system does when it does automated rebuilds because of dependency changes.

This places some specific requirements on the whole stack, since cyrus isn't actually installed in the system (which cassandane handles fine) and because nothing will run as the configured cyrus user. In fact, that user won't even exist on the system until just before the package is installed.

To get around this, I'm applying the following:

diff --git a/Cassandane/Util/Setup.pm b/Cassandane/Util/Setup.pm
index 3a67f0b..5a81e51 100644
--- a/Cassandane/Util/Setup.pm
+++ b/Cassandane/Util/Setup.pm
@@ -57,6 +57,7 @@ my @saved_argv = @ARGV;

 sub become_cyrus
 {
+    return 0;
     my $cyrus = 'cyrus';
     my $pw = getpwnam($cyrus);
     die "No user named '$cyrus'"

If I could get an option (ini file or command line) to do the equivalent, it would be one less thing I'd have to patch.

Most of the cyrus binaries don't actually care; they will only complain if they're running as root. master itself does need a patch, but that's a one-liner as well. I'd argue that cyrus should perhaps warn but not abort, since I may have some more bizarre permission setup (acls or group permissions or whatever) which allows it to run just fine. Of course, that's a ticket to file in another repository.

[brong]

OK, if it's that simple then I'm in favour :) Can we do something like pass an environment variable CYRUS_USER or something? Potentially to both master AND to Cassandane.

[jasontibbitts]

If that was supported then things would be a bit easier for me, yes. There are various places that user checks pop up which I am patching around. I will report them all in turn, but right now cassandane has about 80 failures which is taking some time to sort through.

BTW, I think the ideal situation would be one in which cassandane doesn't have to do anything weird with privileges at all; it should be possible to just start the daemons and have them run as a regular user. Then you wouldn't need sudo or any of the setup, and could probably just run cassandane in any CI system you like.

[elliefm]

Cyrus itself already has this:

imapd.conf.5:

cyrus_user: The username to use as the 'cyrus' user. If not configured, the compile time default will be used. Can be further overridden by setting the $CYRUS_USER environment variable.

I don't think this option is well exercised though, ymmv as to whether it actually works in practice.

Seems like it wouldn't be hard to add a similar hook to Cassandane

[jasontibbitts]

Oh, neat. I wonder if I can just export that and then drop my patch to cyrus lib/util.c:become_cyrus(). Getting late for me now but I'll try tomorrow.

[elliefm]

0a6c13e makes Cassandane honour $CYRUS_USER as well

[jasontibbitts]

OK, I updated Cassandane, dropped some patches and just export CYRUS_USER appropriately. Everything's running fine.