[Dovecot] quota sql dict permissions dilemma
LEVAI Daniel
leva at ecentrum.hu
Sat Oct 16 11:15:45 EEST 2010
Hi!
I'm trying to set up SQL based dict quota. The quota is working and gets
updated, but I had to configure really loose file permissions to make it
work:
dovecot.conf:
dict {
  quota = pgsql:/etc/dovecot/dovecot_dict-sql.conf
}
service dict {
  unix_listener dict {
    mode = 0660
    group = vmail
    # sidenote: I noticed that writing the number equivalent
    # of 'vmail' here does not work. Why?
  }
}
# ~ls -la /etc/dovecot/dovecot_dict-sql.conf
-rw-r----- root vmail dovecot_dict-sql.conf
# ~ls -la /var/dovecot/dict
srw-rw---- root vmail /var/dovecot/dict=
Every virtual user lookup returns a 'gid' field, and it is always
'vmail' (actually it is the number equivalent of 'vmail').
Even though the imap process should run as the 'uid' and 'gid' values
returned from the userdb, it cannot read the dict config file:
dovecot.log:
dict: Error: Can't open configuration file /etc/dovecot/dovecot_dict-sql.conf: Permission denied
dict: Error: Failed to initialize dictionary 'quota'
lda(<username>): Error: read(/var/dovecot//dict) failed: Remote disconnected
Now I must set o+r on the config file, which I really don't want to do,
given that it contains the db username and password.
Strange thing is that the group r/w permission is enough for the dict=
socket, and it doesn't need world-wide permissions at all.
Daniel
--
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F