[Dovecot] /var/run/dovecot mode 750 too tight
Frank Cusack
fcusack at fcusack.com
Mon Nov 30 04:27:21 EET 2009
On November 29, 2009 8:40:13 PM +0100 Thomas Leuxner <tlx at leuxner.net>
wrote:
>
> On 29.11.2009 at 20:31, Frank Cusack wrote:
>>>> dovecot-1.2.8 creates /var/run/dovecot mode 750.
>>>>
>>>> I run postfix+dovecot in a virtual user setup. Postfix calls deliver
>>>> as user vmail group vmail.
>>>>
>>>> Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error]
>>>> deliver(frank): userdb lookup: connect(/var/run/dovecot/auth-master)
>>>> failed: Permission denied (euid=500(vmail) egid=500(vmail) missing +x
>>>> perm: /var/run/dovecot)
>
> So it can't access that directory as it states. It would create that
> structure upon start to my knowledge. Mine is
>
> [20:38] root spectre:/# l -d /var/run/dovecot
> drwxr-xr-x 3 root root 4096 2009-11-25 13:20 /var/run/dovecot
>
> What is yours?

Mine is, as I noted in the very first line of my email, mode 750.
I normally would have removed all of the quoted lines above but
I left it so you can see back to the first line.

You are probably missing the information that this is new in
dovecot-1.2.8. Prior to that, dovecot created /var/run/dovecot
mode 777, which was a security hole.

I wasn't looking for a fix, I was reporting a problem. It only affects
systems where /var/run is on tmpfs and so dovecot has to create
/var/run/dovecot the first time it runs after a reboot.

Thanks for the look, though.

-frank
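
Added example, not part of the original message and not Dovecot code: the check behind the "missing +x perm" log line, applied to every directory above the socket for a given uid/gid, plus a flag for the world-writable case that the older mode 777 represented. The stat table is constructed to mirror the report (root-owned directories, /var/run/dovecot at 750), the function names are this example's own, and ACLs and capabilities are ignored.

```python
import os
import stat
from collections import namedtuple

# Constructed sample modelled on the report: root-owned directories, with
# /var/run/dovecot at mode 750 as dovecot-1.2.8 creates it.
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")
SAMPLE = {
    "/": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var/run": FakeStat(stat.S_IFDIR | 0o755, 0, 0),
    "/var/run/dovecot": FakeStat(stat.S_IFDIR | 0o750, 0, 0),
}

def can_search(st, uid, gids):
    """POSIX class selection: owner bits, else group bits, else other bits."""
    if uid == 0:
        return True  # root bypasses directory search checks
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def world_writable(st):
    """True for the old mode-777 case: other-writable and no sticky bit."""
    return bool(st.st_mode & stat.S_IWOTH) and not st.st_mode & stat.S_ISVTX

def audit_path(target, uid, gids, stat_fn=os.stat):
    """Check every directory above `target`; return (blocked, too_open) lists."""
    blocked, too_open = [], []
    parent = os.path.dirname(os.path.abspath(target))
    dirs = []
    while True:
        dirs.append(parent)
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    for d in reversed(dirs):
        st = stat_fn(d)
        if not can_search(st, uid, gids):
            blocked.append(d)
        if world_writable(st):
            too_open.append(d)
    return blocked, too_open

if __name__ == "__main__":
    # euid=500(vmail) egid=500(vmail), taken from the log line above
    print(audit_path("/var/run/dovecot/auth-master", 500, {500}, SAMPLE.__getitem__))
```

With the default `stat_fn=os.stat` the same call audits the live filesystem instead of the constructed table.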