[Dovecot] EUID not changing when delivering to a mailbox

rastik at tereus.eu rastik at tereus.eu
Thu Feb 3 08:50:05 EET 2011 

Hello,

I've set up virtual mailboxes and I'm using one uid/gid pair  
(mail/mail) to deliver almost all messages. Some accounts I'd like to  
have accessible by local Linux accounts as well, so postfix is  
delivering them using separate uids (gid stays the same). But I run  
into a problem when dovecot auth correctly fetches uid/gid from MySQL  
database, but still uses general mail uid to access the mailbox  
instead of user uid.

This is what I have in dovecot log:

dovecot: auth(default): client in: AUTH  1       PLAIN   service=imap   
   secured lip=myipaddr        rip=myipaddr        lport=143        
rport=55513
dovecot: auth(default): client out: CONT 1
dovecot: auth(default): client in: CONT<hidden>
dovecot: auth-worker(default): sql(joe at mydomain.com,myipaddr): query:  
SELECT CONCAT('/var/mail/', maildir) AS userdb_home, username as user,  
password, CONCAT('*:bytes=', quota) AS userdb_quota_rule, uid, gid  
FROM mailbox WHERE username = 'joe at mydomain.com' AND active = 1
dovecot: auth(default): client out: OK   1       user=joe at mydomain.com  
   uid=1000        gid=12
dovecot: auth(default): master in: REQUEST       11      17252   1
dovecot: auth(default): prefetch(joe at mydomain.com,myipaddr): success
dovecot: auth(default): master out: USER 11      joe at mydomain.com       
   home=/var/mail/mydomain.com/joe/        quota_rule=*:bytes=-1
dovecot: imap-login: Login: user=<joe at mydomain.com>, method=PLAIN,  
rip=myipaddr, lip=myipaddr, TLS
dovecot: IMAP(joe at mydomain.com):  
opendir(/var/mail/mydomain.com/joe/Maildir) failed: Permission denied  
(euid=8(mail) egid=12(mail) missing +r perm:  
/var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(joe at mydomain.com):  
stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission  
denied (euid=8(mail) egid=12(mail) missing +x perm:  
/var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(joe at mydomain.com):  
file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist)  
failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm:  
/var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(joe at mydomain.com):  
opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission  
denied (euid=8(mail) egid=12(mail) missing +r perm:  
/var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(joe at mydomain.com):  
stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission  
denied (euid=8(mail) egid=12(mail) missing +x perm:  
/var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(joe at mydomain.com):  
file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist)  
failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm:  
/var/mail/mydomain.com/joe/Maildir)
ricola dovecot: IMAP(joe at mydomain.com):  
opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission  
denied (euid=8(mail) egid=12(mail) missing +r perm:  
/var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(joe at mydomain.com): Disconnected: Logged out bytes=171/775

My configuration is:

# 1.2.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.36-hardened-r6 x86_64 Gentoo Base System release 2.0.1 ext4
listen: *, [::]
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
first_valid_uid: 8
last_valid_uid: 1999
first_valid_gid: 12
last_valid_gid: 12
mail_privileged_group: mail
mail_uid: 8
mail_gid: 12
mail_location: maildir:/var/mail/%d/%n/Maildir/:INDEX=/var/mail/%d/%n/indexes
lda:
   postmaster_address: postmaster at mydomain.com
   mail_plugins: quota
auth default:
   mechanisms: plain login
   user: nobody
   verbose: yes
   debug: yes
   passdb:
     driver: sql
     args: /etc/dovecot/dovecot-sql.conf
   userdb:
     driver: prefetch
   userdb:
     driver: sql
     args: /etc/dovecot/dovecot-sql.conf
   socket:
     type: listen
     client:
       path: /var/spool/postfix/private/auth
       mode: 432
       user: postfix
       group: postfix
     master:
       path: /var/run/dovecot/auth-master
       mode: 384
       user: mail
       group: mail


I'm not sure if I got the concept correctly, but I was expecting that  
dovecot will use uid from the database. I was not able to find any  
relevant information in the archives. If it was explained already in  
the past, please send me some keywords that would help me find it.

Thank you,
Rastislav Wartiak

More information about the dovecot mailing list