[Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?

mephistopheles at operamail.com mephistopheles at operamail.com
Wed Oct 12 05:43:42 EEST 2011 

I have Dovecot2 auth setup to run as

	user  = doveauth
	group = dovecot

configured in,

	vi conf.d/10-master.conf
		...
		service auth {
			unix_listener /var/spool/postfix/private/auth {
				user  = postfix
				group = postfix
				mode  = 0660
			}
			user  = doveauth
			group = dovecot
		}
		service auth-worker {
			user  = doveauth
			group = dovecot
		}
		...

When I start Dovecot,

	ls -al /var/run/dovecot/auth-*
		/bin/ls: No match.

	service dovecot-custom start
		Starting Dovecot ...           done

Dovect's auth-process sockets are created with different ownership than
what I specified,

	ls -al /var/run/dovecot/auth-*
		srw------- 1 root    root 0 Oct 11 19:30
		/var/run/dovecot/auth-client
		srw------- 1 dovecot root 0 Oct 11 19:30
		/var/run/dovecot/auth-login
		srw------- 1 root    root 0 Oct 11 19:30
		/var/run/dovecot/auth-master
		srw------- 1 root    root 0 Oct 11 19:30
		/var/run/dovecot/auth-userdb
		srw------- 1 dovecot root 0 Oct 11 19:30
		/var/run/dovecot/auth-worker

Which causes problems when I test AUTH,

	telnet 127.0.0.1 143
		Trying 127.0.0.1...
		Connected to 127.0.0.1.
		Escape character is '^]'.
		* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR
		LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot
		ready.
	a login "xxx at domain.loc" "testpass"
		a NO [UNAVAILABLE] Temporary authentication failure.
		* OK Waiting for authentication process to respond..

In logs,

==> /var/log/dovecot/dovecot-debug.log <==
	Oct 11 19:32:11 auth: Debug: Loading modules from directory:
	/usr/lib64/dovecot/modules/auth
	Oct 11 19:32:11 auth: Debug: Module loaded:
	/usr/lib64/dovecot/modules/auth/libauthdb_ldap.so
	Oct 11 19:32:11 auth: Debug: Module loaded:
	/usr/lib64/dovecot/modules/auth/libdriver_mysql.so
	Oct 11 19:32:11 auth: Debug: Module loaded:
	/usr/lib64/dovecot/modules/auth/libdriver_pgsql.so
	Oct 11 19:32:11 auth: Debug: Module loaded:
	/usr/lib64/dovecot/modules/auth/libdriver_sqlite.so
	Oct 11 19:32:11 auth: Debug: Module loaded:
	/usr/lib64/dovecot/modules/auth/libmech_gssapi.so
	Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397)
	Oct 11 19:32:17 auth: Debug: client in: AUTH    1       PLAIN  
	service=imap    secured lip=127.0.0.1   rip=127.0.0.1lport=143  
	   rport=47016     resp=<hidden>

==> /var/log/dovecot/dovecot.log <==
	Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in
	directory /var/run/dovecot failed: Permission denied
	(euid=1101(doveauth) egid=305(dovecot) missing +r perm:
	/var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755)

What needs to change to get those sockets created with correct/assigned
ownership & perms?

More information about the dovecot mailing list