First steps in Dovecot; IMAP not working
Joseph Tam
jtam.home at gmail.com
Fri Oct 14 21:27:58 UTC 2016
(Sorry I read this list in digest form so frequently I'm half a step
behind.)
> For sake of "security", I chose to not allow plaintext communication
> (being new to this, I think being strict is a good choice). I've tried
> with the openssl option and it successfully logged in.
Yes, you've included some more log entries, which makes the problem clearer,
as it usually does.
> Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed:
> Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm:
> /var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)
> ...
> I checked, using ls -l /var, and I get this:
> drwxrwsr-x 2 root mail 4096 Apr 27 11:27 mail
> so the group looks to be correctly set to 'mail', despite what the log says,
> right?
No, it's quite explicit. User "webuser" has uid/gid =
1001(webuser)/1000(ftpusers). Your mail spool has permission uid/gid
= root(0)/mail(8), neither of which allows webuser to write to this
mail spool to create its own mail folder.
Aki Tuomi <aki.tuomi at dovecot.fi> replies with several solutions:
> In your configuration, dovecot uses whatever user/group returned by
> PAM. Since the webuser has never logged in, it has no directory under
> /var/mail. If you want, you can
>
> a) override mail_uid and mail_gid in userdb/passdb
> b) pre-create /var/mail/webuser and chown it to webuser:ftpusers
> c) you can let ftpusers write to /var/mail.
Or if you dynamically/frequently onboard mail accounts, and users cannot
arbitrarily write into this directory, you can "chmod 1777 /var/mail/" and
let dovecot auto-create it (might also want to set
"lda_mailbox_autocreate = yes").
Joseph Tam <jtam.home at gmail.com>
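
Added example, not part of the original post or of Dovecot: a small Python check that parses the error line quoted above and applies the owner/group/other rule to show why webuser cannot write to /var/mail, and how the result changes under two variations. The function names and the "member of gid 8" scenario are assumptions made for illustration; ACLs are not modelled.

```python
import re

# Log line copied from the post above, joined onto one line.
LOG = ("Oct 13 05:56:28 imap(webuser): Error: open(/var/mail/webuser) failed: "
       "Permission denied (euid=1001(webuser) egid=1000(ftpusers) missing +w perm: "
       "/var/mail, we're not in group 8(mail), dir owned by 0:8 mode=0775)")

PATTERN = re.compile(
    r"euid=(?P<euid>\d+)\(\w+\) egid=(?P<egid>\d+)\(\w+\) missing \+w perm: "
    r"(?P<dir>[^,]+),.*dir owned by (?P<uid>\d+):(?P<gid>\d+) mode=(?P<mode>[0-7]+)")

def parse(line):
    """Extract the process ids and the directory owner/mode from the error."""
    m = PATTERN.search(line)
    if m is None:
        raise ValueError("not a Dovecot 'missing +w perm' error line")
    f = m.groupdict()
    return {"dir": f["dir"], "euid": int(f["euid"]), "egid": int(f["egid"]),
            "uid": int(f["uid"]), "gid": int(f["gid"]), "mode": int(f["mode"], 8)}

def write_class(euid, egid, uid, gid, mode, groups=(), **_):
    """Return (class, may_write). Exactly one permission triplet applies:
    owner if the uid matches, else group, else other. ACLs are ignored."""
    if euid == 0:
        return "root", True
    if euid == uid:
        return "owner", bool(mode & 0o200)
    if egid == gid or gid in groups:
        return "group", bool(mode & 0o020)
    return "other", bool(mode & 0o002)

def scenarios(line):
    """Evaluate the logged state and two hypothetical changes to it."""
    p = parse(line)
    return {
        "as logged": write_class(**p),
        # Assumption: webuser gains supplementary group 8 (mail).
        "member of gid 8": write_class(**{**p, "groups": (p["gid"],)}),
        # The "chmod 1777 /var/mail/" suggestion from the reply.
        "mode 1777": write_class(**{**p, "mode": 0o1777}),
    }

if __name__ == "__main__":
    for name, (cls, ok) in scenarios(LOG).items():
        print(f"{name:16} class={cls:5} write={'yes' if ok else 'NO'}")
```

The leading 1 in mode 1777 is the sticky bit: every user may create entries in the directory, but only an entry's owner (or root) may remove or rename it.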