On 25 Aug 2015, at 20:55, Thomas Leuxner tlx@leuxner.net wrote:
- Timo Sirainen tss@iki.fi 2015.08.25 17:28:
==> /var/log/dovecot/dovecot.log <== Aug 25 09:42:07 nihlus dovecot: imap(tlx@leuxner.net): Error: net_connect_unix(/var/run/dovecot/imap-hibernate) failed: Permission denied Aug 25 09:42:07 nihlus dovecot: imap(tlx@leuxner.net): Error: Couldn't hibernate imap client: Couldn't export state: Virtual mailboxes have no GUIDs
Those are completely gone with the latest two commits. I was expecting the permission error to fire up. It seems a bit too quite. If it works would it spawn a hibernate-process? It looks so from the service section, but I don't see any "hibernate" processes active.
It no longer logs an error if the selected mailbox is virtual. It simply doesn't start up the hibernate process. If you set mail_debug=yes it'll log why it won't start the hibernation. Also just committed a change that logs the mailbox name.
'chmod 666' mitigates the permission issue on the socket. However it seems to have other issues then:
You can also change the unix_listener { user, group, mode } as needed for different services (imap, imap-hibernate). http://wiki2.dovecot.org/Services has some more info.
$ doveconf -a | grep -A 20 'service imap-hibernate' service imap-hibernate { […] unix_listener imap-hibernate { group = mode = 0600 user = } user = $default_internal_user
The question is what user it should be - or what user it should match in case several users come into play. With the standard setting $default_internal_user as above it does not work out of the box (at least with my config).
There's no good default setting here. It depends on your userdb settings and/or mail_uid setting. So for example if your imap processes are running as vmail user, you should set service imap-hibernate { unix_listener imap-hibernate { user = vmail } }. Then again if you are using system users (or otherwise multiple UIDs) it gets more difficult to implement this securely (mode=0666 works always, but security isn't too good). This same problem exists for various other parts of Dovecot, for example indexer-worker and dict services.