[Dovecot] permissions on auth-userdb

Egbert Jan van den Bussche egbert at vandenbussche.nl
Tue Aug 31 10:34:41 EEST 2010


On 31-8-2010 2:13, spamvoll at googlemail.com wrote:
> Hi..
>
> I'm still trying to upgrade to 2.0.
> I'm getting:
> dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)
>
> The error is correct because it's owned by root. My question is who should own it?
> I'm not sure how that works; what process/user calls the auth-userdb?
> The auth-userdb returns the args generated in master.conf, right?
>
> I think commenting out the user and group setting in master.conf will fix
> it, but I'm not sure if that is the securest way.
>
> The mails come from postfix via dovecot-lda.
>
> Hans
>
> master.conf
> service auth {
>    # auth_socket_path points to this userdb socket by default. It's typically
>    # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
>    # permissions make it readable only by root, but you may need to relax these
>    # permissions. Users that have access to this socket are able to get a list
>    # of all usernames and get results of everyone's userdb lookups.
>    unix_listener auth-userdb {
>      mode = 0600
>      #user = vmail
>      #group = vmail
>    }
>
> auth-ldap.conf.ext
> passdb {
>    driver = ldap
>    args = /etc/dovecot/dovecot-ldap.conf.ext
> }
> userdb {
>    driver = static
>    args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail
> }

Had more or less the same fight with 1.2.9. I had to change auth user to
the group 'shadow' (if /etc/shadow is owned by group shadow). Or run
auth under the default user 'root'.

In your case it has to do with the passdb and/or userdb you use. In my 
case I had the problems with local users via pam.

HTH
Egbert Jan
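
Added example, not part of the thread and not Dovecot code: a small Python audit of a `unix_listener` socket's mode and ownership against the identity of the connecting process (here `vmail`, uid/gid 10000 from the error above). It assumes a client needs both read and write bits on the socket, does not check search permission on the parent directory, and all function names and sample cases are constructed for illustration.

```python
import os
import stat

def socket_access(mode, owner_uid, owner_gid, euid, gids):
    """Return (permission class, has_rw) for a process with euid/gids."""
    if euid == 0:
        return "root", True  # root bypasses the mode bits
    if euid == owner_uid:
        cls, bits = "owner", (mode >> 6) & 7
    elif owner_gid in gids:
        cls, bits = "group", (mode >> 3) & 7
    else:
        cls, bits = "other", mode & 7
    return cls, (bits & 6) == 6  # r and w both set

def audit_listener(mode, owner_uid, owner_gid, euid, gids):
    """List problems with one listener for the given client identity."""
    findings = []
    cls, ok = socket_access(mode, owner_uid, owner_gid, euid, gids)
    if not ok:
        findings.append(f"euid {euid} falls in class '{cls}' without rw: "
                        "connect() fails with Permission denied")
    if mode & 0o006:
        findings.append("mode grants access to all local users: anyone can "
                        "list usernames and read userdb lookups")
    return findings

def audit_path(path, euid, gids):
    """Same audit, reading mode and ownership from a live socket."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return audit_listener(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                          euid, gids)

if __name__ == "__main__":
    VMAIL = 10000  # uid/gid from the error message in the thread
    # Constructed cases: (label, mode, owner uid, owner gid)
    cases = [("root-owned 0600 (as posted)", 0o600, 0, 0),
             ("vmail-owned 0600", 0o600, VMAIL, VMAIL),
             ("root-owned 0660, group vmail", 0o660, 0, VMAIL),
             ("root-owned 0666", 0o666, 0, 0)]
    for label, mode, uid, gid in cases:
        print(label, "->", audit_listener(mode, uid, gid, VMAIL, {VMAIL}) or "ok")
```

On a running server, `audit_path("/var/run/dovecot/auth-userdb", 10000, {10000})` applies the same checks to the real socket.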

