"LEVAI Daniel" leva@ecentrum.hu wrote on 16.10.2010 10:15:45:
Hi!
I'm trying to set up SQL based dict quota. The quota is working and gets updated, but I had to configure really loose file permissions to make it work:
dovecot.conf:
dict {
  quota = pgsql:/etc/dovecot/dovecot_dict-sql.conf
}

service dict {
  unix_listener dict {
    mode = 0660
    group = vmail
    # sidenote: I noticed that writing the number equivalent
    # of 'vmail' here does not work. Why?
  }
}
# ~ls -la /etc/dovecot/dovecot_dict-sql.conf
-rw-r----- root vmail dovecot_dict-sql.conf

# ~ls -la /var/dovecot/dict
srw-rw---- root vmail /var/dovecot/dict=
Every virtual user lookup returns a 'gid' field, and it is always 'vmail' (actually it is the number equivalent of 'vmail'). Despite that the imap process should run as the 'uid' and 'gid' values returned from the userdb, it can not read the dict config file:
dovecot.log:
dict: Error: Can't open configuration file /etc/dovecot/dovecot_dict-sql.conf: Permission denied
dict: Error: Failed to initialize dictionary 'quota'
lda(<username>): Error: read(/var/dovecot//dict) failed: Remote disconnected
Now I must set o+r to the config file, which I really don't want to, given that it contains the db username and password. Strange thing is that the group r/w permission is enough for the dict= socket, and it doesn't need world-wide permissions at all.
Daniel
Hi, these are my settings:

service dict {
  unix_listener dict {
    mode = 0600
    group = vmail
  }
}
The owner of dovecot-dict-sql.conf.ext is root:dovecot with read permissions for the group.
Reposted to group... Regards, Miha
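An added example, not part of the original thread or of Dovecot: a small audit of the dict SQL config file's permissions that flags the o+r workaround and reports whether a given service account can read the file. It assumes the dict service runs under its own account (called dovecot here, as the group ownership in the reply suggests) rather than as the mail user; the function names are hypothetical.

```python
import grp
import os
import pwd
import stat
import sys


def can_read(mode, file_uid, file_gid, uid, gids):
    """POSIX read check: the first matching class (owner, group, other) decides."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IRUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IRGRP)
    return bool(mode & stat.S_IROTH)


def audit(mode, file_uid, file_gid, uid, gids):
    """Return a list of findings for a config file that holds DB credentials."""
    findings = []
    if mode & stat.S_IROTH:
        findings.append("world-readable: every local user can read the DB password")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or others")
    if not can_read(mode, file_uid, file_gid, uid, gids):
        findings.append("service account cannot read the file (Permission denied)")
    return findings


def audit_path(path, user):
    """Run audit() against a real file and a real account on this host."""
    st = os.stat(path)
    pw = pwd.getpwnam(user)
    # Primary group plus every supplementary group listing the account.
    gids = {pw.pw_gid} | {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return audit(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, pw.pw_uid, gids)


if __name__ == "__main__" and len(sys.argv) == 3:
    # e.g. audit.py /etc/dovecot/dovecot_dict-sql.conf dovecot
    problems = audit_path(sys.argv[1], sys.argv[2])
    print("\n".join(problems) or "ok")
    sys.exit(1 if problems else 0)
```

With mode 0640 and owner root:vmail, an account that is not in vmail gets the "cannot read" finding; the same mode with the file's group set to the service account's group returns no findings.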