[Dovecot] auth both system and virtual users

Gerry Reno greno at verizon.net
Tue Oct 31 16:05:50 UTC 2006


Solution to virtual user auth:
  Needed to add:
  userdb passwd-file {
    args = /etc/imap.passwd
  }

More info on virtual user mail storage:
  I created another virtual user, brichards, whose last name also begins
with 'r'.
/etc/imap.passwd:
tuser:{plain}pass:65534:65534::/var/mail/u/tuser
brichards:{plain}pass:65534:65534::/var/mail/r/brichards

When I logged into dovecot with 'brichards' it immediately gave me:
Connection closed by foreign host.

The /var/mail directory structure was not changed:
drwx------ 3 greno     greno     4096 Oct 30 21:11 /var/mail/r
drwx------ 3 greno     greno     4096 Oct 30 21:11 /var/mail/r/greno
drwx------ 5 greno     greno     4096 Oct 30 21:11 /var/mail/r/greno/Maildir
drwx------ 2 greno     greno     4096 Oct 30 21:11 /var/mail/r/greno/Maildir/cur
drwx------ 2 greno     greno     4096 Oct 30 21:11 /var/mail/r/greno/Maildir/new
drwx------ 2 greno     greno     4096 Oct 30 21:11 /var/mail/r/greno/Maildir/tmp
-rw------- 1 root      root      1581 Oct 28 15:45 /var/mail/root
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser
drwx------ 5 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/cur
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/new
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/tmp

===> NOTE: nfsnobody is uid 65534


And the maillog showed:
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): client in: AUTH    1       PLAIN   service=IMAP    secured lip=::ffff:127.0.0.1    rip=::ffff:127.0.0.1    resp=AGJyaWNoYXJkcwBwYXNz
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd-file(brichards,::ffff:127.0.0.1): unknown user
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd-file /etc/imap.passwd: Read 2 users
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): client out: OK     1       user=brichards
Oct 31 09:41:40 grp-01-10-01 dovecot: chdir(/var/mail/r/brichards) failed with uid 65534: Permission denied
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): master in: REQUEST 3       2276    1
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd(brichards,::ffff:127.0.0.1): unknown user
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): master out: USER   3       brichards       uid=65534       gid=65534       home=/var/mail/r/brichards
Oct 31 09:41:40 grp-01-10-01 dovecot: child 2382 (imap) returned error 89
Oct 31 09:41:40 grp-01-10-01 dovecot: imap-login: Login: user=<brichards>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured


So for any system user there appears to be no problem creating the mail
directories.  For virtual users there is a directory ownership/permissions
problem that allows only one user for any last name beginning with the same
letter.  My thought is that all the directories preceding the Maildir
directory should be owned by 'mail' rather than the user.  Does this make
sense?

GR




> -----Original Message-----
> From: dovecot-bounces at dovecot.org [mailto:dovecot-bounces at dovecot.org]On
> Behalf Of Gerry Reno
> Sent: Monday, October 30, 2006 10:53 PM
> To: dovecot at dovecot.org
> Subject: Re: [Dovecot] auth both system and virtual users
>
>
> Followup:
>   The auth is working for system users but not for virtual users.  I have
> put the virtual user, tuser, in the file /etc/imap.passwd in /etc/passwd
> format using the example.  But I can never login with this user.
> Here is /etc/imap.passwd:
> tuser:{PLAIN}pass:65534:65534::/var/mail/u/tuser
>
> Other questions:
>   When I logged in the first time with system user, greno, it created the
> following tree under /var/mail:
> ./r/greno/Maildir/new
> ./r/greno/Maildir/cur
> ./r/greno/Maildir/tmp
>
>   This is great except that the top level directory, 'r', is owned by this
> user alone with very tight permissions.  What will happen with next user
> with last name beginning with 'r'?
>   drwx------ 3 greno greno 4096 Oct 30 21:11 r
> Is there a way in dovecot.conf to make this owned by dovecot or root and
> more open permissions?
> Or should I create whole alphabet directories, 'a','b','c'..., and assign
> them to dovecot owner?
>
>
>
>
>
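The log above shows the auth side succeeding and the imap process then dying on chdir(/var/mail/r/brichards) as uid 65534, because /var/mail/r is mode 0700 and owned by the system user greno. The following is an added example, not code from the thread or from Dovecot: it replays that chdir() check offline against a constructed snapshot of the directory listing, so you can audit every entry in a passwd-file for a parent directory the user's uid/gid cannot search, and then re-run the audit after the per-letter directories are handed to a non-user account. The numeric owner uids (greno as 1000, mail as 8/12) and the 0755 mode on /var/mail are assumptions, since the listing shows names only and does not include /var/mail itself. The shared_uid_users() check is the caveat that goes with this setup: every virtual user here runs as uid 65534, so the separation between their mailboxes is by directory name only, not enforced by the kernel.

```python
#!/usr/bin/env python3
"""Audit a Dovecot passwd-file against a directory tree snapshot.

Added example (not from the thread). Instead of calling chdir() on a live
host it replays the kernel's search-permission check on each path
component, so the result matches the "chdir(...) failed with uid N:
Permission denied" line in the log.
"""
import stat
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed passwd-file contents in the same format the thread uses:
# user:{scheme}password:uid:gid:gecos:home
IMAP_PASSWD = """\
tuser:{plain}pass:65534:65534::/var/mail/u/tuser
brichards:{plain}pass:65534:65534::/var/mail/r/brichards
"""

# Constructed snapshot of the listing: path -> (uid, gid, mode).
# Assumed uids: root=0, greno=1000, nfsnobody=65534. /var/mail itself is
# not in the listing and is assumed root-owned, 0755.
TREE: Dict[str, Tuple[int, int, int]] = {
    "/": (0, 0, 0o755),
    "/var": (0, 0, 0o755),
    "/var/mail": (0, 0, 0o755),              # assumed
    "/var/mail/r": (1000, 1000, 0o700),      # drwx------ greno greno
    "/var/mail/r/greno": (1000, 1000, 0o700),
    "/var/mail/u": (65534, 65534, 0o700),    # drwx------ nfsnobody
    "/var/mail/u/tuser": (65534, 65534, 0o700),
}


@dataclass
class User:
    name: str
    uid: int
    gid: int
    home: str


def parse_passwd_file(text: str) -> List[User]:
    """Parse passwd-file lines; only the fields the audit needs are kept."""
    users = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 6:
            raise ValueError(f"malformed passwd-file line: {line!r}")
        name, _pw, uid, gid, _gecos, home = fields[:6]
        users.append(User(name, int(uid), int(gid), home))
    return users


def can_search(uid: int, gid: int, entry: Tuple[int, int, int]) -> bool:
    """Discretionary check for entering a directory: root always may;
    otherwise the owner class applies if uid matches, else group, else other."""
    owner, group, mode = entry
    if uid == 0:
        return True
    if uid == owner:
        return bool(mode & stat.S_IXUSR)
    if gid == group:
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)


def path_components(path: str) -> List[str]:
    """'/var/mail/r/x' -> ['/', '/var', '/var/mail', '/var/mail/r', '/var/mail/r/x']"""
    parts = [p for p in path.split("/") if p]
    return ["/"] + ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]


def first_blocking_component(user: User, tree: Dict) -> Optional[str]:
    """First component of user.home the user cannot search, or None.
    Components absent from the snapshot are treated as not yet created
    (Dovecot makes them on first login), so they do not block by themselves."""
    for comp in path_components(user.home):
        entry = tree.get(comp)
        if entry is not None and not can_search(user.uid, user.gid, entry):
            return comp
    return None


def audit(passwd_text: str, tree: Dict) -> Dict[str, Optional[str]]:
    """Map each passwd-file user to the blocking component (None = chdir ok)."""
    return {u.name: first_blocking_component(u, tree)
            for u in parse_passwd_file(passwd_text)}


def shared_uid_users(passwd_text: str) -> Dict[int, List[str]]:
    """Users sharing one uid: no kernel-level separation between their mail."""
    by_uid: Dict[int, List[str]] = {}
    for u in parse_passwd_file(passwd_text):
        by_uid.setdefault(u.uid, []).append(u.name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def relax_hash_dirs(tree: Dict, base: str = "/var/mail",
                    owner: int = 8, group: int = 12, mode: int = 0o755) -> Dict:
    """Return a copy where the per-letter dirs directly under base are owned
    by a non-user account and world-searchable. Defaults assume the Fedora/RHEL
    'mail' account (uid 8, gid 12); per-user dirs below are left untouched."""
    fixed = dict(tree)
    for path in tree:
        if path != base and path.rsplit("/", 1)[0] == base:
            fixed[path] = (owner, group, mode)
    return fixed


if __name__ == "__main__":
    for name, blocker in audit(IMAP_PASSWD, TREE).items():
        print(f"{name}: " + ("ok" if blocker is None else f"blocked at {blocker}"))
    print("after relaxing hash dirs:", audit(IMAP_PASSWD, relax_hash_dirs(TREE)))
    print("users sharing a uid:", shared_uid_users(IMAP_PASSWD))
```

Run against the snapshot it reports brichards blocked at /var/mail/r and tuser fine, which is exactly the split in the log; after relax_hash_dirs() both pass. The relaxed mode only adds the search bit for others on the per-letter directories, which is all chdir() needs; nothing is made world-writable, and the per-user directories keep 0700.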