[Dovecot] Dovecot unable to access the shadow file

Joseba Torre joseba.torre at ehu.es
Fri Jan 25 12:46:23 EET 2013


El 24/01/13 19:07, kenwood escribió:
> I am installing Dovecot-2.1.13 on Slackware 13.37.0 for the first time to
> replace ipop3d and I have overcome all of the roadblocks as they have
> developed except this last one and I finally have to say “uncle”.
>
> The error messages that are showing up in the dovecot.log are as follows.
>
> Jan 24 12:27:27 tux2 dovecot: auth: Error: passwd-file /etc/shadow:
> open(/etc/shadow) failed: Permission denied (euid=202(dovecot)
> egid=202(dovecot) missing +r perm: /etc/shadow, we're not in group
> 43(shadow), dir owned by 0:0 mode=0755)
>
> Jan 24 12:27:27 tux2 dovecot: auth:
> passwd-file(user,192.168.10.2,<pw3xHwzUSQDAqAoC>): no passwd file:
> /etc/shadow
>
> Jan 24 12:27:29 tux2 dovecot: pop3-login: Warning: SSL alert: where=0x4008,
> ret=256: warning close notify [192.168.10.2]
>
> Jan 24 12:27:29 tux2 dovecot: pop3-login: Disconnected (auth failed, 1
> attempts in 2 secs): user=<user>, method=PLAIN, rip=192.168.10.2,
> lip=192.168.10.100, TLS: Disconnected, session=<pw3xHwzUSQDAqAoC>
>
> Based on what I have read the only user that should access the shadow file
> is root.  With that in mind I looked at all the configuration and .ext files
> and the only file I could find that would indicate that root should be
> checking the shadow file is 10-master.conf.  In that file it said the
> default service auth-worker was root but since it was apparently not working
> I removed the hash mark and made it explicit.   It still didn’t work.
>
> As a last resort even though it was not good practice I tried adding user
> dovecot to the group shadow but that did not work either.  It still says
> dovecot is not in the group shadow even though it is.  Any suggestions?

If your system is using pam, use it instead of accesing /etc/shadow directly

http://wiki2.dovecot.org/PasswordDatabase/PAM


More information about the dovecot mailing list