Hello Axel,
but then I don't get it: I thought that "uid" and "gid" in the user_query where used to access the local FS, whereas the "unix_listener auth-userdb" are used to indicate under which owner/group must be auth-userdb run... although maybe I'm wrong :-S :-)
What I'm looking forward to is to eliminate the need for returning these two fixed items, as long as all the virtual_users will be using the same uid and gid.
Does anybody know how can I do it??
Regards, and thank you!
FelixDate: Thu, 1 Aug 2013 17:50:33 +0200 From: Axel Luttgens <AxelLuttgens@swing.be> To: Dovecot Mailing List <dovecot@dovecot.org> Subject: Re: [Dovecot] misconception in uid and gid Message-ID: <89AC3212-EFE6-41E5-A22D-97DC8E771218@swing.be> Content-Type: text/plain; charset=iso-8859-1
Le 1 ao?t 2013 ? 15:43, Felix Rubio Dalmau a ?crit :
[...]
Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and modify the file conf.d/10-mail.conf to show
mail_uid = vmail mail_gid = vmail
I get this error:
dovecot: auth: Error: userdb(<mail>): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (change userdb socket permissions)
Does anybody know what is wrong in my set-up?
Hello Felix,
Yes and no... This still remains a bit unclear to me, but you could try something like this:
service auth {
unix_listener auth-userdb { # default: user = $default_internal_user group = vmail # default: group = mode = 0660 # default: mode = 0666 }}
The code has some provisions to avoid the auth-userdb to be too widely open, in spite of that default mode 0666. Changing that mode short-circuits those provisions, and the above is the most secure setting I could think of in the case of a single uid/gid setup.
HTH, Axel