Home » Mac OS » Solution for: “macOS, Dovecot and setgroups() failed: Too many extra groups”

About Heiko Rupp

Heiko Rupp
Heiko is a senior software engineer working at Red Hat in the area of systems management (RHQ project). He also works on an open source Twitter client called Zwitscher.

Solution for: “macOS, Dovecot and setgroups() failed: Too many extra groups”

I upgraded my home server to macOS 10.14 after the upgrade on my laptop went very smooth. Also here the upgrade went smooth, but in the evening I discovered that I did not get any new email.

I started investigating. First I saw that Dovecot did not correctly start because an very old pid file said it has pid 104 and indeed there was a process wit pid 104, so dovecot though that is itself and stopped.

After removing the pid file and restarting Dovecot, it started again and correctly listened on port 993 (imaps). But the imap client still could not login.

Dovecot.log showed a lot of messages

Oct 11 08:10:27 imap(hwr)<12659>: Fatal: setgroups(501) failed: Too many extra groups

Reading the manpage for setgroups() revealed that this call fails when more than NGROUP_MAX (=16) groups are passed. And indeed the user has more than 16 groups:

$ id -G hwr
20 6 12 61 80 98 500 701 702 30 33 100 204 250 395 103 104

Looking at them shows a lot of groups that macOS creates and assigns internally and which one can’t (easily) delete

$ id hwr
...
701(com.apple.sharepoint.group.1),702(com.apple.sharepoint.group.2),30(_keytabusers),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),103(com.apple.access_screensharing-disabled),104(com.apple.access_ssh-disabled)

I wrote to the dovecot mailing list and after an email exchange it turned out that there is a config option already present that can help here to reduce the number of groups passed to setgroups().

So the solution for me is to last_valid_gid = 100 in /usr/local/etc/dovecot/conf.d/10-mail.conf and restart Dovecot.

And now it is again humming along nicely 🙂

Published on System Code Geeks with permission by Heiko Rupp, partner at our SCG program. See the original article here: Solution for: “macOS, Dovecot and setgroups() failed: Too many extra groups”

Opinions expressed by System Code Geeks contributors are their own.

(0 rating, 0 votes)
You need to be a registered member to rate this.
Start the discussion Views Tweet it!
Do you want to know how to develop your skillset to become a sysadmin Rockstar?
Subscribe to our newsletter to start Rocking right now!
To get you started we give you our best selling eBooks for FREE!
1. Introduction to NGINX
2. Apache HTTP Server Cookbook
3. VirtualBox Essentials
4. Nagios Monitoring Cookbook
5. Linux BASH Programming Cookbook
6. Postgresql Database Tutorial
and many more ....
I agree to the Terms and Privacy Policy

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of