question: dovecot lda running as special user (vmail) or normal user (marcel)?

marcel.cochem marcel.cochem at googlemail.com
Fri Oct 10 08:17:27 UTC 2014


Dear Mailing List,

(version and dovecot -n at the bottom)
(Sorry for the bad English in this mail :) )

I'm new to dovecot and wanted to build my own mailserver using
dovecot+postfix.
I currently have a problem with permissions on my mail folder.
I could solve it easily if I set it with chmod to 777, but that's no real
solution.

While reading my log files I see a lot of messages like:
Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed:
Initializing mail storage from mail_location setting failed:
stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied
(euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, dir
owned by 5000:5000 mode=0700)
Oct 10 05:19:52 lda(owncloud): Fatal: Invalid user settings. Refer to
server log for more information.

So currently two users need to access the mail folder:
1. The user itself (here: owncloud)
2. The vmail user

I want to use dovecot with virtual users. Now the question is: shouldn't
the directory be accessed only by the vmail user, and not by the owncloud
user?

Second question:
If it's correct that the access is made by two users: what rights do they
need?
I can't add all users to the group vmail and set g+rwx permissions (every
user could read mails from other users, and even edit them!)

Thanks a lot.
Kind Regards,

Marcel
------------------------------------------------------------------------------------

dovecot --version
2.2.13

dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-37-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_home = /home/vmail/example.com/%n
mail_location = maildir:/home/vmail/example.com/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%u scheme=ssha512 /etc/dovecot/passwd.db
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_after = /home/vmail/sieve-after
  sieve_before = /home/vmail/sieve-before
  sieve_dir = ~/sieve
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/ssl/certs/ssl_main.crt
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = </etc/ssl/private/ssh_main_insecure
userdb {
  args = uid=5000 gid=5000 home=/home/vmail/example.com/%n
  driver = static
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 10
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster at example.com
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
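An added example (not from the post or from Dovecot) that parses the LDA "missing +x perm" error above and replays the POSIX mode-bit check it reports, so the two fixes the post rejects (chmod 777, and a shared vmail group with g+rwx) can be compared with delivery running as the uid that owns the mailbox tree. The unrelated account uid 101 / gid 1005 is constructed; supplementary groups and ACLs are ignored.

```python
import re

# Constructed from the error quoted in the post, re-joined onto a single line.
SAMPLE_LOG = ("Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed: "
              "Initializing mail storage from mail_location setting failed: "
              "stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied "
              "(euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, "
              "dir owned by 5000:5000 mode=0700)")

# Field layout of Dovecot's "missing +x perm" diagnostic, as seen in the line above.
LDA_PERM_RE = re.compile(
    r"euid=(?P<euid>\d+)\((?P<euser>[^)]+)\) egid=(?P<egid>\d+)\((?P<egroup>[^)]+)\)"
    r" missing \+(?P<perm>[rwx]) perm: (?P<path>\S+), dir owned by"
    r" (?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>0[0-7]+)")

def parse_lda_perm_error(line):
    """Return who was denied which permission on which directory, or None."""
    m = LDA_PERM_RE.search(line)
    if not m:
        return None
    err = m.groupdict()
    for key in ("euid", "egid", "uid", "gid"):
        err[key] = int(err[key])
    err["mode"] = int(err["mode"], 8)
    return err

def has_perm(euid, egid, uid, gid, mode, perm):
    """Plain POSIX mode-bit check: owner class, then group, then other.
    Simplification: root always passes; supplementary groups and ACLs are ignored."""
    bit = {"r": 4, "w": 2, "x": 1}[perm]
    if euid == 0:
        return True
    shift = 6 if euid == uid else 3 if egid == gid else 0
    return bool((mode >> shift) & bit)

def evaluate_fixes(err):
    """Per candidate fix: (delivering user passes?, unrelated user passes?).
    The unrelated account uid 101 / gid 1005 is constructed; under the shared-group
    fix it has also been put in the vmail group, the case the post worries about."""
    uid, gid, perm = err["uid"], err["gid"], err["perm"]
    candidates = {  # name: (dir mode, self euid, self egid, other euid, other egid)
        "as logged": (err["mode"], err["euid"], err["egid"], 101, 1005),
        "chmod 777": (0o777, err["euid"], err["egid"], 101, 1005),
        "g+rwx, every user in group vmail": (0o770, err["euid"], gid, 101, gid),
        "LDA invoked as the mailbox-owning uid": (err["mode"], uid, gid, 101, 1005),
    }
    return {name: (has_perm(se, sg, uid, gid, mode, perm),
                   has_perm(oe, og, uid, gid, mode, perm))
            for name, (mode, se, sg, oe, og) in candidates.items()}
```

Only the last candidate lets the delivery pass while keeping the unrelated account out; the first three either fail or open the tree to everyone who shares the bits.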


