CRAM MD5 passwd db permission issue
Gerben Wierda
gerben.wierda at rna.nl
Wed Jan 4 15:59:34 UTC 2023
I am busy migrating. I am moving from macOS+MacPorts to Ubuntu+Docker.
On the old system, I have this in the dovecot config:
mail_uid = _dovecot
mail_gid = mail
mail_privileged_group = mail
mail_access_groups = mail
This seems weird to me; I think the dovecot user should be in group dovecot only, if I understand the docs. On the old system dovecot, postfix, dovenull and rspamd are all members of the mail group.
On that system, the cram md5 passwd database (file) has these permissions:
drwxr-xr-x 3 root wheel 96 Feb 2 2021 .
drwxr-xr-x 22 root admin 704 Jan 4 15:17 ..
-rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd
and that has worked like that for many years, basically starting with Mac OS X Server, surviving all kinds of macOS migrations.
On my new Ubuntu system I've copied this setup over:
drwxr-xr-x 2 root root 4096 Jan 4 09:49 .
drwxr-xr-x 7 root root 4096 Jan 4 15:21 ..
-rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd
mail_uid = dovecot
mail_gid = mail
mail_privileged_group = mail
mail_access_groups = mail
But:
Jan 04 15:40:08 auth: Error: passwd-file /etc/dovecot/etc/cram-md5.pwd:open(/etc/dovecot/etc/cram-md5.pwd) failed: Permission denied (euid=91(dovecot) egid=91(dovecot) missing +r perm: /etc/dovecot/etc/cram-md5.pwd, we're not in group 8(mail), dir owned by 0:0 mode=0755)
And really, dovecot is in group mail. From /etc/group:
mail:x:8:postfix,dovecot
dovenull:x:90:
dovecot:x:91:
And from /etc/passwd:
dovenull:x:90:90::/home/dovenull:/usr/sbin/nologin
dovecot:x:91:91::/home/dovecot:/usr/sbin/nologin
So, that I get this error baffles me.
Gerben Wierda (LinkedIn <https://www.linkedin.com/in/gerbenwierda>)
R&A IT Strategy <https://ea.rna.nl/> (main site)
Book: Chess and the Art of Enterprise Architecture <https://ea.rna.nl/the-book/>
Book: Mastering ArchiMate <https://ea.rna.nl/the-book-edition-iii/>
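
The following is an added example, not part of the original message and not Dovecot code. The read check on open() is made against the credentials of the running process (effective UID, effective GID, supplementary groups), which is what the log line reports, and not against /etc/group directly; the sketch evaluates the quoted listing against those credentials. SAMPLE_STATUS is constructed, the function names are hypothetical, and POSIX ACLs are assumed absent.

```python
import re

# Log line and listing copied from the message above.
LOG_LINE = ("Jan 04 15:40:08 auth: Error: passwd-file /etc/dovecot/etc/cram-md5.pwd:"
            "open(/etc/dovecot/etc/cram-md5.pwd) failed: Permission denied "
            "(euid=91(dovecot) egid=91(dovecot) missing +r perm: "
            "/etc/dovecot/etc/cram-md5.pwd, we're not in group 8(mail), "
            "dir owned by 0:0 mode=0755)")
LS_MODE = "-rw-r-----"        # cram-md5.pwd, owner root (0), group mail (8)
FILE_UID, FILE_GID = 0, 8

# Constructed sample of /proc/<pid>/status for a process lacking group 8.
SAMPLE_STATUS = "Name:\tauth\nUid:\t91\t91\t91\t91\nGid:\t91\t91\t91\t91\nGroups:\t91 \n"

def parse_creds(line):
    """Effective uid/gid as reported in the Permission denied message."""
    m = re.search(r"euid=(\d+)\(\w+\) egid=(\d+)\(\w+\)", line)
    return int(m.group(1)), int(m.group(2))

def parse_ls_mode(s):
    """Turn the rwx column of `ls -l` into permission bits (no setuid/sticky)."""
    bits = 0
    for ch in s[1:10]:
        bits = (bits << 1) | (ch != "-")
    return bits

def status_groups(status_text):
    """Supplementary groups from the text of /proc/<pid>/status."""
    m = re.search(r"^Groups:\t(.*)$", status_text, re.M)
    return {int(g) for g in m.group(1).split()}

def can_read(euid, egid, groups, f_uid, f_gid, mode):
    """Permission class selection applied on open() for reading."""
    if euid == 0:                      # root bypasses via CAP_DAC_OVERRIDE
        return True
    if euid == f_uid:                  # owner class
        return bool(mode & 0o400)
    if f_gid == egid or f_gid in groups:   # group class
        return bool(mode & 0o040)
    return bool(mode & 0o004)          # other class

if __name__ == "__main__":
    euid, egid = parse_creds(LOG_LINE)
    mode = parse_ls_mode(LS_MODE)
    for label, groups in (("groups as logged", status_groups(SAMPLE_STATUS)),
                          ("groups including 8", {91, 8})):
        print(label, "->", can_read(euid, egid, groups, FILE_UID, FILE_GID, mode))
```

On a live Linux system the text passed to status_groups() can be read from /proc/<pid>/status of the running auth process, which shows the group set the process actually holds.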