[Dovecot] quota sql dict permissions dilemma

Miha Vrhovnik miha.vrhovnik at cordia.si
Sat Oct 16 20:09:12 EEST 2010


"LEVAI Daniel" <leva at ecentrum.hu> wrote on 16.10.2010 10:15:45:

>Hi!
>
>
>I'm trying to set up SQL based dict quota. The quota is working, gets
>updated but I had to configure really loose file permission to make it
>work:
>
>dovecot.conf:
>dict {
>	quota = pgsql:/etc/dovecot/dovecot_dict-sql.conf
>}
>
>service dict {
>	unix_listener dict {
>		mode = 0660
>		group = vmail
>		# sidenote: I noticed that writing the number equivalent
>		# of 'vmail' here does not work. Why?
>	}
>}
>
>
># ~ls -la /etc/dovecot/dovecot_dict-sql.conf 
>-rw-r----- root vmail dovecot_dict-sql.conf
>
># ~ls -la /var/dovecot/dict 
>srw-rw---- root vmail /var/dovecot/dict=
>
>
>Every virtual user lookup returns a 'gid' field, and it is always
>'vmail' (actually it is the number equivalent of 'vmail').
>Despite that the imap process should run as the 'uid' and 'gid' values
>returned from the userdb, it can not read the dict config file:
>
>dovecot.log:
>dict: Error: Can't open configuration file /etc/dovecot/dovecot_dict-sql.conf: Permission denied
>dict: Error: Failed to initialize dictionary 'quota'
>lda(<username>): Error: read(/var/dovecot//dict) failed: Remote disconnected
>
>
>Now I must set o+r to the config file, which I really don't want to,
>given that it contains the db username and password.
>Strange thing is that the group r/w permission is enough for the dict=
>socket, and it doesn't need world-wide permissions at all.
>
>
>
>Daniel
>

Hi, 
these are my settings:

service dict {
	unix_listener dict {
		mode = 0600
		group = vmail
	}
}

The owner of dovecot-dict-sql.conf.ext is root:dovecot with read permissions for the group.

Reposted to group...
Regards,
Miha



-- 
It's time to get rid of your current e-mail client ...
... and start using si.Mail.

It's small & free. ( http://www.simail.si/ )
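
An added example, not part of the original thread and not Dovecot code: a small audit of the credentials-bearing dict SQL config file that flags world access and tells you whether the account that opens the file can read it through owner or group bits. It assumes the file is opened by the dict server's own account (the `dovecot` default below is taken from the `root:dovecot` ownership in the reply) rather than by the userdb uid/gid; `audit_dict_config` and `can_read` are hypothetical names.

```python
import os
import pwd
import stat
import sys


def can_read(st, uid, gids):
    """Classic Unix owner/group/other read check (root bypasses it)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def audit_dict_config(path, reader_uid, reader_gids):
    """Return findings for a config file that holds DB credentials.

    reader_uid / reader_gids: identity of the process that opens the file
    (assumption: the dict server, not the imap/lda process).
    """
    st = os.stat(path)
    findings = []
    if st.st_mode & (stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH):
        findings.append("world-accessible: mode %04o" % stat.S_IMODE(st.st_mode))
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if not can_read(st, reader_uid, set(reader_gids)):
        findings.append(
            "uid %d cannot read the file; change its group, do not add o+r"
            % reader_uid
        )
    return findings


if __name__ == "__main__":
    # Usage: audit.py <config path> [account name]; "dovecot" is an assumed default.
    path = sys.argv[1]
    user = sys.argv[2] if len(sys.argv) > 2 else "dovecot"
    pw = pwd.getpwnam(user)
    gids = os.getgrouplist(user, pw.pw_gid)
    for line in audit_dict_config(path, pw.pw_uid, gids) or ["ok"]:
        print(line)
```
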

