[Dovecot] dovecot Digest, Vol 124, Issue 4

[Felix Rubio Dalmau]

Hello Axel,

	but then I don't get it: I thought that "uid" and "gid" in the user_query where used to access the local FS, whereas the "unix_listener auth-userdb" are used to indicate under which owner/group must be auth-userdb run... although maybe I'm wrong :-S :-)

	What I'm looking forward to is to eliminate the need for returning these two fixed items, as long as all the virtual_users will be using the same uid and gid.

	Does anybody know how can I do it??

	Regards, and thank you!

	Felix

> Date: Thu, 1 Aug 2013 17:50:33 +0200
> From: Axel Luttgens <AxelLuttgens at swing.be>
> To: Dovecot Mailing List <dovecot at dovecot.org>
> Subject: Re: [Dovecot] misconception in uid and gid
> Message-ID: <89AC3212-EFE6-41E5-A22D-97DC8E771218 at swing.be>
> Content-Type: text/plain; charset=iso-8859-1
> 
> Le 1 ao?t 2013 ? 15:43, Felix Rubio Dalmau a ?crit :
> 
> > [...]
> > 
> > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show
> > 
> > 	mail_uid = vmail
> > 	mail_gid = vmail
> > 
> > I get this error:
> > 
> > 	dovecot: auth: Error: userdb(<mail>): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)
> > 
> > Does anybody know what is wrong in my set-up?
> 
> Hello Felix,
> 
> Yes and no...
> This still remains a bit unclear to me, but you could try something like this:
> 
> 	service auth {
> 
> 		unix_listener auth-userdb {
> 
> 					# default: user = $default_internal_user
> 			group = vmail	# default: group = 
> 			mode = 0660	# default: mode = 0666
> 		}
> 	}
> 
> The code has some provisions to avoid the auth-userdb to be too widely open, in spite of that default mode 0666. Changing that mode short-circuits those provisions, and the above is the most secure setting I could think of in the case of a single uid/gid setup.
> 
> HTH,
> Axel