Quoting Timo Sirainen tss@iki.fi:
No, that's the least of its troubles. If you can't run dovecot-lda
as root, it won't be able to change its UID to the user's UID (and
so won't have enough permissions to be able to write mails to user's
mailbox). So you need to run dovecot-lda as root in some way, and
after that it becomes pretty much irrelevant what auth-userdb's
permissions are.
Hmmm, well in my setup dovecot-lda is called from Exim with "user="
set to a MySQL query. I'd guess that means Exim runs dovecot-lda
as the user directly, so I don't have the issue you mention above. But
where the permissions on the auth-userdb socket are root:vmail 0660,
dovecot-lda is called as vmail, and the vmail user is a member of
the vmail group, I get the error:
Aug 11 03:38:06 lda: Error: userdb lookup:
connect(/var/run/dovecot/auth-userdb) failed: Permission denied
(euid=25110(vmail) egid=25110(vmail) missing +r perm:
/var/run/dovecot/auth-userdb, euid is not dir owner)
in the Dovecot log when dovecot-lda is called. Hence I thought the
socket permissions were related to the multiple-UID restriction...
Thanks, Andy.
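For reference, this is the Dovecot 2.x service stanza that produces an auth-userdb socket owned root:vmail with mode 0660 as described in the post above. It is an added illustration, not configuration from the thread; the user, group and mode values simply mirror what Andy reports, and the socket path follows from Dovecot's default base_dir of /var/run/dovecot.

```conf
# Added example (not from the thread): the auth-userdb listener with the
# ownership and mode Andy describes. With dovecot-lda running as vmail,
# a member of group vmail, it is the group read/write bits of 0660 that
# are meant to grant the LDA access to the userdb lookup socket.
service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = root
    group = vmail
  }
}
```

`doveconf -n` prints the effective values after Dovecot has merged all config files, which is the quickest way to confirm that this stanza, and not a later override, is what governs the socket's permissions.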