[Dovecot] exim and /var/run/dovecot/auth-client permissions
John Connett
john.connett at ntlworld.com
Thu Mar 17 01:25:08 EET 2011
On Wed, 16 Mar 2011 16:31:43 -0000, Timo Sirainen <tss at iki.fi> wrote:
> On Wed, 2011-03-16 at 08:18 +0000, John Connett wrote:
>> > $ ls -l /var/run/dovecot/auth-client
>> > Srw------- 1 root root 0 Mar 14 13:11 /var/run/dovecot/auth-client
> ..
>> The problem is either with the instructions on the wiki or within
>> dovecot. I will look at the source code to see if I can identify why the
>> permissions in conf.d/10-master.conf are not being applied. The "service
>> auth" part of conf.d/10-master.conf, stripped of comments, is:
>>
>> service auth {
>>   unix_listener auth-client {
>>     mode = 0660
>>     user = mail
>>   }
>>   unix_listener auth-userdb {
>>   }
>> }
>
> Check with doveconf that Dovecot really sees those settings:
>
> doveconf service/auth

Many thanks. Looks like it isn't seeing those settings (see output
below). The openSUSE source rpm has two patches which only modify the
following files:

  dovecot-2.0-pigeonhole/configure.in
  configure.in

to "Enable PIE support (default)". The source code is unmodified so any
problem is likely to be in the upstream:

  dovecot-2.0.11.tar.bz2
  dovecot-2.0-pigeonhole-0.2.2.tar.bz2

> Also you didn't specify group for the auth-client, so you probably
> should keep it 0600..

I wondered about that myself. Granting rw group access to root doesn't
appear to provide any additional access to any users. I copied it exactly
from the example just in case there might have been some sneaky use of the
group permissions. Once I had it working I would have tried turning them
off to see if that broke anything. Granting rw user access to mail should
be sufficient for exim.

master:~ # doveconf service/auth
service auth {
  chroot =
  client_limit = 4096
  drop_priv_before_exec = no
  executable = auth
  extra_groups =
  group =
  idle_kill = 0
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener auth-client {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-login {
    group =
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group =
    mode = 0600
    user =
  }
  unix_listener auth-userdb {
    group =
    mode = 0600
    user =
  }
  unix_listener login/login {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
master:~ #
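
The comparison made by eye in the message above (intended listener settings against what doveconf reports), as an added example that is not part of the original post or of Dovecot. The function names and the shortened sample output are constructed for illustration; the script also flags the point raised in the quoted reply about group bits with no group set.

```python
import re

# Constructed sample: a shortened form of the doveconf output quoted in the post.
SAMPLE = """\
service auth {
  unix_listener auth-client {
    group =
    mode = 0600
    user =
  }
  unix_listener login/login {
    group =
    mode = 0666
    user =
  }
}
"""

def parse_listeners(text):
    """Return {listener name: {setting: value}} for every unix_listener block."""
    listeners, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        opened = re.match(r"unix_listener\s+(\S+)\s*\{$", line)
        if opened:
            current = listeners.setdefault(opened.group(1), {})
        elif line == "}":
            current = None          # end of a listener (or of the service block)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return listeners

def group_bits_unused(settings):
    """True when the mode grants group access only, but no group is named."""
    mode = int(settings.get("mode") or "0", 8)
    return bool(mode & 0o060) and not mode & 0o006 and not settings.get("group")

def audit(doveconf_text, intended):
    """List differences between intended and effective listener settings."""
    effective, findings = parse_listeners(doveconf_text), []
    for name, want in intended.items():
        have = effective.get(name, {})
        for key, value in want.items():
            if have.get(key, "") != value:
                findings.append(f"{name}: {key} is {have.get(key, '')!r}, intended {value!r}")
        if group_bits_unused(want):
            findings.append(f"{name}: intended mode {want['mode']} sets group bits with no group")
    return findings
```

On a live system the text passed to audit() would be the captured output of `doveconf service/auth`.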