[Dovecot] Dsync error: Couldn't drop privileges: getgrnam

Alan McGinlay - SICS alanm at sics.se
Tue Dec 10 12:52:27 EET 2013 

On 2013-12-10 11:34, Robert Schetterer wrote:
> Am 10.12.2013 11:25, schrieb Alan McGinlay - SICS:
> On 2013-12-09 11:21, Alan McGinlay - SICS wrote:
> On 2013-12-08 22:08, Alan McGinlay - SICS wrote:
> Actually I do, /var/vmail (contains virtual domain mailboxes) is
> owned by vmail:vmail
> 
> On 2013-12-08 21:49, Timo Sirainen wrote:
> On 5.12.2013, at 22.18, Alan McGinlay - SICS <alanm at sics.se> wrote:
> 
> mail_privileged_group = vmail
> ..
> mail_location = maildir:~/Maildir
> ..
> dsync(alantestuser at whatever.com): Error: user
> alantestuser at whatever.com: Couldn't drop privileges: getgrnam(vmail)
> failed: No such file or directory (in mail_privileged_group setting)
> 
> You don’t have vmail group in your system? Either create it or remove
> this setting. Most likely you want to remove it, since this setting
> was meant only for mbox format, while you’re using maildir.
> 
> After much trial and error and following Timos advice, I managed to
> get a sync to at least start and it lists folders, then it starts
> spamming this:
> 
> dsync(alantestuser at whatever.com): Error:
> safe_mkstemp(/tmp/dovecot.doveadm.) failed: No such file or directory
> dsync(alantestuser at whatever.com): Error:
> safe_mkstemp(/tmp/dovecot.doveadm.) failed: No such file or directory
> dsync(alantestuser at whatever.com): Error:
> safe_mkstemp(/tmp/dovecot.doveadm.) failed: No such file or directory
> ...
> 
> /tmp/dovecot.doveadm. does indeed not exist but I can't find any
> reference to it online or in the docs,
> 
> Any ideas?
> 
> 
> Still not able to get anywhere with this :( It really feels like a
> permissions problem, either with the master user, the unix user i 
> start
> the dsync with (root) or the user that dsync runs as (vmail). I tried
> looking at the code for safe_mkstemp but still couldn't work out the
> source of this problem. If anyone has an idea it would be great to 
> hear it!
> 
> perhaps check
> the dsync target directory must be writable by vmail:vmail
> 
> 
> Best Regards
> MfG Robert Schetterer

Thanks, vmail:vmail owns all mail and parent directories up to 
/var/vmail/. I tried changing mail_temp_dir in 10-mail.conf from /tmp/ 
to /var/vmail/tmp (and i created that directory) but it made no 
difference apart from changing the directory in the "safe_mkstemp" error 
message. If I comment out mail_temp_dir then the error changes to:

dsync(alantestuser at whatever.com): Error: 
safe_mkstemp(/tmp/dovecot.doveadm.) failed: Permission denied
dsync(alantestuser at whatever.com): Error: 
stat(/tmp/dovecot.doveadm.3c303c239d223495) failed: Permission denied

More information about the dovecot mailing list