[Dovecot] auth both system and virtual users
Gerry Reno
greno at verizon.net
Tue Oct 31 16:05:50 UTC 2006
Solution to virtual user auth:
Needed to add:
userdb passwd-file {
  args = /etc/imap.passwd
}
More info on virtual user mail storage:
I created another virtual user, brichards, whose last name also begins
with 'r'.
/etc/imap.passwd:
tuser:{plain}pass:65534:65534::/var/mail/u/tuser
brichards:{plain}pass:65534:65534::/var/mail/r/brichards
When I logged into dovecot with 'brichards' it immediately gave me:
Connection closed by foreign host.
The /var/mail directory structure was not changed:
drwx------ 3 greno greno 4096 Oct 30 21:11 /var/mail/r
drwx------ 3 greno greno 4096 Oct 30 21:11 /var/mail/r/greno
drwx------ 5 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir
drwx------ 2 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir/cur
drwx------ 2 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir/new
drwx------ 2 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir/tmp
-rw------- 1 root root 1581 Oct 28 15:45 /var/mail/root
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser
drwx------ 5 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/cur
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/new
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/tmp
===> NOTE: nfsnobody is uid 65534
And the maillog showed:
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=::ffff:127.0.0.1 rip=::ffff:127.0.0.1 resp=AGJyaWNoYXJkcwBwYXNz
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd-file(brichards,::ffff:127.0.0.1): unknown user
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd-file /etc/imap.passwd: Read 2 users
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): client out: OK 1 user=brichards
Oct 31 09:41:40 grp-01-10-01 dovecot: chdir(/var/mail/r/brichards) failed with uid 65534: Permission denied
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): master in: REQUEST 3 2276 1
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd(brichards,::ffff:127.0.0.1): unknown user
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): master out: USER 3 brichards uid=65534 gid=65534 home=/var/mail/r/brichards
Oct 31 09:41:40 grp-01-10-01 dovecot: child 2382 (imap) returned error 89
Oct 31 09:41:40 grp-01-10-01 dovecot: imap-login: Login: user=<brichards>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
So for any system user there appears to be no problem creating the mail
directories. For virtual users there is a directory ownership/permissions
problem that allows only one user for any last name beginning with the same
letter. My thought is that all the directories preceding the Maildir
directory should be owned by 'mail' rather than the user. Does this make
sense?
GR
> -----Original Message-----
> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org]On
> Behalf Of Gerry Reno
> Sent: Monday, October 30, 2006 10:53 PM
> To: dovecot at dovecot.org
> Subject: Re: [Dovecot] auth both system and virtual users
>
>
> Followup:
> The auth is working for system users but not for virtual users. I have
> put the virtual user, tuser, in the file /etc/imap.passwd in /etc/passwd
> format using the example. But I can never login with this user.
> Here is /etc/imap.passwd:
> tuser:{PLAIN}pass:65534:65534::/var/mail/u/tuser
>
> Other questions:
> When I logged in the first time with system user, greno, it created the
> following tree under /var/mail:
> ./r/greno/Maildir/new
> ./r/greno/Maildir/cur
> ./r/greno/Maildir/tmp
>
> This is great except that the top level directory, 'r', is owned by this
> user alone with very tight permissions. What will happen with next user
> with last name beginning with 'r'?
> drwx------ 3 greno greno 4096 Oct 30 21:11 r
> Is there a way in dovecot.conf to make this owned by dovecot or root and
> more open permissions?
> Or should I create whole alphabet directories, 'a','b','c'..., and assign
> them to dovecot owner?
>
>
>
>
>
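Added example (not part of the original message or of Dovecot): a Python check that reads passwd-file entries like the ones above and reports the first directory on each home path that the entry's uid cannot search, which is the condition behind the chdir() "Permission denied" line in the log. The stat table is constructed from the listing in the message; greno's numeric uid/gid (500) and the root-owned 0755 modes of /, /var and /var/mail are assumptions, and root, supplementary groups and ACLs are ignored.

```python
import os
import stat
from pathlib import PurePosixPath
from types import SimpleNamespace

def parse_passwd_file(text):
    """Yield (user, uid, gid, home) from user:password:uid:gid:gecos:home lines."""
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 6 and f[2].isdigit() and f[3].isdigit():
            yield f[0], int(f[2]), int(f[3]), f[5]

def can_search(st, uid, gid):
    """Owner/group/other test of the directory search (x) bit for a non-root uid."""
    bit = (stat.S_IXUSR if st.st_uid == uid else
           stat.S_IXGRP if st.st_gid == gid else stat.S_IXOTH)
    return bool(st.st_mode & bit)

def first_blocked(home, uid, gid, stat_fn=os.stat):
    """Return (path, reason) for the first path component uid cannot enter, else None."""
    p = PurePosixPath(home)
    for d in [*reversed(p.parents), p]:  # walk from / down to the home directory
        try:
            st = stat_fn(str(d))
        except FileNotFoundError:
            return str(d), "missing"
        if not stat.S_ISDIR(st.st_mode) or not can_search(st, uid, gid):
            return str(d), "not searchable"
    return None

def audit(passwd_text, stat_fn=os.stat):
    return {u: first_blocked(h, uid, gid, stat_fn)
            for u, uid, gid, h in parse_passwd_file(passwd_text)}

# Constructed sample mirroring the listing in the message. Assumptions: greno's
# numeric uid/gid (500) and root-owned 0755 modes for /, /var and /var/mail.
def _dir(mode, uid, gid):
    return SimpleNamespace(st_mode=stat.S_IFDIR | mode, st_uid=uid, st_gid=gid)
SAMPLE_FS = {"/": _dir(0o755, 0, 0), "/var": _dir(0o755, 0, 0),
             "/var/mail": _dir(0o755, 0, 0), "/var/mail/r": _dir(0o700, 500, 500),
             "/var/mail/u": _dir(0o700, 65534, 65534),
             "/var/mail/u/tuser": _dir(0o700, 65534, 65534)}
SAMPLE_PASSWD = ("tuser:{plain}pass:65534:65534::/var/mail/u/tuser\n"
                 "brichards:{plain}pass:65534:65534::/var/mail/r/brichards\n")
def sample_stat(path):
    if path not in SAMPLE_FS:
        raise FileNotFoundError(path)
    return SAMPLE_FS[path]

if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD, sample_stat))
```

Calling audit() with only the passwd-file text uses os.stat against the real filesystem instead of the constructed table.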