Permissions and ownership on /dev/shm/dovecot
João Silva
joaopfmlist at lipc.fis.uc.pt
Fri Mar 25 16:57:11 UTC 2022
In that case things can be more peaceful.
I once had the mail in a NFS storage and was told to move to local
storage because of speed issues.
Really don't know if the .cache and .log should be put in a fast local
storage to speed up things.
On 25/03/2022 16:40, doug wrote:
> Thank you João! I too am concerned if this is a risky configuration.
> My understanding is that the list indexes are not critical and that is
> why the recommendation in an NFS environment is to place just those
> and the lock files in memory. Other index files are on permanent storage:
>
> [doug at mailserverdev doug]$ find ./ -name *index*
> ./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.cache
> ./mail/mailboxes/INBOX/dbox-Mails/dovecot.index.log
> ./mail/storage/dovecot.map.index.log.2
> ./mail/storage/dovecot.map.index
> ./mail/storage/dovecot.map.index.log
>
> Should I still be concerned?
>
> Doug
>
> On 3/25/2022 11:46 AM, João Silva wrote:
>>
>> I'm not sure about that configuration.
>>
>> I have seen huge index cache files for users with lots of mail,
>> putting those in memory may be a risk.
>>
>>
>> On 25/03/2022 14:56, doug wrote:
>>> Hi,
>>>
>>> Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
>>>
>>> I'm in the process of moving my mailboxes to NFS and moving with
>>> lock and index files in temp storage following instructions from
>>> https://doc.dovecot.org/configuration_manual/nfs.
>>>
>>> I set mail_location as:
>>>
>>> mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
>>>
>>> What I discovered is /dev/shm/dovecot is created by the initial user
>>> who accesses their mail from a client, and with permissions 700.
>>> This prevents subsequent users from creating their own index and
>>> lock files.
>>>
>>> # ls -l /dev/shm/dovecot
>>> total 0
>>> drwx------ 2 mary users 60 Mar 25 10:00 mary
>>>
>>> Sample error message from maillog during mail delivery and from a
>>> dsync script.
>>>
>>> Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>>>
>>> dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>>>
>>> I couldn't locate documentation or discussions on how to set the
>>> ownership or permissions for /dev/shm/dovecot in the Dovecot
>>> configuration files.
>>>
>>> As a hack, I added this to /usr/libexec/dovecot/prestartscript.
>>>
>>> ! [[ -d /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
>>> chown dovecot:users /dev/shm/dovecot
>>> chmod 770 /dev/shm/dovecot
>>>
>>> This solved the problem, but left me wondering if I missed something
>>> obvious or if I am setting myself up for a problem later on, like
>>> with a Dovecot version upgrade. I could run these commands at bootup
>>> out of rc.local or a systemd script rather than customizing a
>>> Dovecot provided script.
>>>
>>> Is there an appropriate way of doing this that I missed?
>>>
>>> TIA,
>>> Doug
>
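
One way to pre-create the shared VOLATILEDIR parent at boot instead of editing a Dovecot-provided script, as an added example that is not from the thread or the Dovecot project. The function name `ensure_volatile_dir` and the 1770 mode are assumptions of this example: the sticky bit is added because plain 770 lets any member of the group rename or remove another user's subdirectory.

```shell
#!/bin/sh
# Added example, not from the thread: idempotent setup of the shared parent
# directory that holds the per-user VOLATILEDIR subdirectories.
# Usage: ensure_volatile_dir DIR OWNER GROUP MODE   (hypothetical helper)
ensure_volatile_dir() {
    evd_dir=$1 evd_want="$2:$3" evd_mode=$4

    # /dev/shm is world-writable, so never act on a symlink or a
    # non-directory that something else left at this path.
    if [ -L "$evd_dir" ]; then
        echo "refusing: $evd_dir is a symlink" >&2; return 1
    fi
    if [ -e "$evd_dir" ] && [ ! -d "$evd_dir" ]; then
        echo "refusing: $evd_dir is not a directory" >&2; return 1
    fi

    # Create closed (0700); open it up only after ownership is set.
    [ -d "$evd_dir" ] || mkdir -m 0700 "$evd_dir" || return 1
    chown -h "$evd_want" "$evd_dir" || return 1
    chmod "$evd_mode" "$evd_dir" || return 1

    # Verify the result by name or by numeric id, plus the octal mode.
    set -- $(stat -c '%U:%G %u:%g %a' "$evd_dir")
    if [ "$1" != "$evd_want" ] && [ "$2" != "$evd_want" ]; then
        echo "owner is $1, expected $evd_want" >&2; return 1
    fi
    if [ "$3" != "$evd_mode" ]; then
        echo "mode is $3, expected $evd_mode" >&2; return 1
    fi
}

# Call as root before Dovecot starts (owner and group as in the thread,
# sticky bit added by this example):
#   ensure_volatile_dir /dev/shm/dovecot dovecot users 1770
```

Because /dev/shm is emptied on reboot, the call has to run on every boot, for example from the rc.local or systemd unit mentioned in the original post.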