[Dovecot] /var/run/dovecot mode 750 too tight

Frank Cusack fcusack at fcusack.com
Sun Nov 29 21:31:26 EET 2009


On November 29, 2009 8:11:28 PM +0100 Thomas Leuxner <tlx at leuxner.net> 
wrote:
>
> Am 29.11.2009 um 19:24 schrieb Frank Cusack:
>
>> dovecot-1.2.8 creates /var/run/dovecot mode 750.
>>
>> I run postfix+dovecot in a virtual user setup.  Postfix calls deliver
>> as user vmail group vmail.
>>
>> Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error]
>> deliver(frank): userdb lookup: connect(/var/run/dovecot/auth-master)
>> failed: Permission denied (euid=500(vmail) egid=500(vmail) missing +x
>> perm: /var/run/dovecot)
>>
>> I will say this: dovecot's error reporting in general is head and
>> shoulders above the norm.  Makes tracking down problems sooo much easier.
>>
>> Something else I noticed, should the dict-server socket really be mode
>> 777? At least a-x I would think.
>>
>> -frank
>
> Probably easier to tell if you would post your setup, but I guess this
> fixes it:
>
>   socket listen {
>         master {
>                 path = /var/run/dovecot/auth-master
>                 mode = 0600
>                 user= vmail
>                 group = vmail
>                 }

No, as that only affects the socket itself.  If you look at the error
message and my email you see that the problem is in the parent directory.

I do have user=vmail on the socket.  I didn't set group=vmail but with
mode 0600 that doesn't matter.

-frank


More information about the dovecot mailing list