[Dovecot] dovecot Digest, Vol 124, Issue 4
Felix Rubio Dalmau
felixrubiodalmau at gmail.com
Fri Aug 2 08:43:01 EEST 2013
Hello Axel,
but then I don't get it: I thought that "uid" and "gid" in the user_query where used to access the local FS, whereas the "unix_listener auth-userdb" are used to indicate under which owner/group must be auth-userdb run... although maybe I'm wrong :-S :-)
What I'm looking forward to is to eliminate the need for returning these two fixed items, as long as all the virtual_users will be using the same uid and gid.
Does anybody know how can I do it??
Regards, and thank you!
Felix
> Date: Thu, 1 Aug 2013 17:50:33 +0200
> From: Axel Luttgens <AxelLuttgens at swing.be>
> To: Dovecot Mailing List <dovecot at dovecot.org>
> Subject: Re: [Dovecot] misconception in uid and gid
> Message-ID: <89AC3212-EFE6-41E5-A22D-97DC8E771218 at swing.be>
> Content-Type: text/plain; charset=iso-8859-1
>
> Le 1 ao?t 2013 ? 15:43, Felix Rubio Dalmau a ?crit :
>
> > [...]
> >
> > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show
> >
> > mail_uid = vmail
> > mail_gid = vmail
> >
> > I get this error:
> >
> > dovecot: auth: Error: userdb(<mail>): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)
> >
> > Does anybody know what is wrong in my set-up?
>
> Hello Felix,
>
> Yes and no...
> This still remains a bit unclear to me, but you could try something like this:
>
> service auth {
>
> unix_listener auth-userdb {
>
> # default: user = $default_internal_user
> group = vmail # default: group =
> mode = 0660 # default: mode = 0666
> }
> }
>
> The code has some provisions to avoid the auth-userdb to be too widely open, in spite of that default mode 0666. Changing that mode short-circuits those provisions, and the above is the most secure setting I could think of in the case of a single uid/gid setup.
>
> HTH,
> Axel
More information about the dovecot
mailing list