[Dovecot] permissions on auth-userdb

robert coore robertcoore at yahoo.com
Fri Jun 22 18:46:35 EEST 2012


 <spamvoll <at> googlemail.com> writes:

> 
> Hi..
> 
> I'm still trying to upgrade to 2.0.
> I'm getting:
> dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)
> 
> The error is correct because it's owned by root. My question is: who should own it?
> I'm not sure how that works; what process/user calls the auth-userdb?
> The auth-userdb returns the args generated in master.conf, right?
> 
> I think commenting out the user and group setting in master.conf will fix
> it, but I'm not sure if that is the securest way.
> 
> the mails come from postfix via dovecot-lda
> 
> Hans
> 
> master.conf
> service auth {
>   # auth_socket_path points to this userdb socket by default. It's typically
>   # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
>   # permissions make it readable only by root, but you may need to relax these
>   # permissions. Users that have access to this socket are able to get a list
>   # of all usernames and get results of everyone's userdb lookups.
>   unix_listener auth-userdb {
>     mode = 0600
>     #user = vmail
>     #group = vmail
>   }
> }
> 
> auth-ldap.conf.ext
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap.conf.ext
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail
> }
> 
> 


Hi all, I was getting the same errors. It took me 2 days to understand what it was
saying to me, but I finally solved it.

If you do an ls -l /var/run/dovecot/auth-userdb you will see that root is the
owner and the permissions are srw-------- so vmail has no right to call or
even use the process.
What I did was a chown -R vmail:vmail /var/run/dovecot/auth-userdb
I also did a chmod g+r /var/run/dovecot/auth-userdb
ls -l /var/run/dovecot/auth-userdb
srw----r-- 1 vmail vmail 
my unix_listener auth-userdb {
    mode = 600
}

protocol lda {
  auth_socket_path = /var/run/dovecot/auth-userdb
  log_path = /home/vmail/dovecot-deliver.log
}

That worked for me.
1. I haven't restarted the dovecot service; I don't know if it will keep the settings.
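
A check for the situation in this thread, as an added example that is not part of either post or of Dovecot: it reads a listener socket's owner and mode and reports whether a given uid/gid (such as vmail, 10000) would be let in, and whether the mode also hands bits to every local user. The names audit_socket and make_demo_socket are hypothetical, and the demo sockets are constructed in a temporary directory.

```python
import os
import socket
import stat
import tempfile


def audit_socket(path, uid, gids):
    """Return (can_connect, findings) for a UNIX listener; uid/gids describe the client."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return False, ["not a socket"]
    mode = stat.S_IMODE(st.st_mode)
    # The kernel applies exactly one permission class: owner, else group, else other.
    if uid == st.st_uid:
        cls, bits = "owner", (mode >> 6) & 7
    elif st.st_gid in gids:
        cls, bits = "group", (mode >> 3) & 7
    else:
        cls, bits = "other", mode & 7
    # Assumption: require r+w. Linux checks write permission on connect();
    # Dovecot's error text reports a missing +r, so both are required here.
    can_connect = uid == 0 or (bits & 6) == 6
    findings = []
    if not can_connect:
        findings.append(f"uid {uid} falls in class '{cls}' (bits {bits:o}): no access")
    if mode & 0o007:
        # Per the config comment: anyone with access can list all usernames.
        findings.append(f"mode {mode:04o} grants bits to every local user")
    return can_connect, findings


def make_demo_socket(mode):
    """Constructed sample input: a throwaway socket; returns (path, owner uid)."""
    path = os.path.join(tempfile.mkdtemp(), "auth-userdb")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.close()  # the socket file stays on disk after close
    os.chmod(path, mode)
    return path, os.stat(path).st_uid


if __name__ == "__main__":
    for mode in (0o600, 0o604, 0o666):
        p, owner = make_demo_socket(mode)
        print(f"{mode:04o} owner:", audit_socket(p, owner, []))
        print(f"{mode:04o} other:", audit_socket(p, owner + 10000, []))
```

Pointed at /var/run/dovecot/auth-userdb with the delivery user's uid and gids, it shows which ownership and mode the listener has at that moment, for example after a service restart.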








