This is a late response, sorry--it got pushed down the stack.

> Not sure what you are trying to do, but another option 

I am trying to get postfix + postfixadmin working with Dovecot. 

All of the user and domain configuration is in Mysqldb, and the mail directories in /var/mail/vmail are owned by vmail:
root@mailserver:/var/mail# ls -l
total 20
drwx------ 2 root  root  16384 Sep 12 17:30 lost+found
drwxr-xr-x 3 vmail vmail  4096 Sep 26 00:00 vmail

> might be give user vmail dovecot group access so vmail 
> can access files with a dovecot group read permission.

THe process in /run/dovecot is: 

srw------- 1 vmail   root       0 Oct 12 03:12 auth-userdb
srw------- 1 dovecot root       0 Oct 12 03:12 auth-worker
Oddly enough the auth-userdb is owned by vmail. 

I tried setting
service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  user = $default_internal_user
}

and it didn't help.



On Sun, Oct 3, 2021 at 5:02 PM <dovecot@ptld.com> wrote:
> Oct 03 20:19:52 auth: Error: net_connect_unix(auth-worker) in directory
> /run/dovecot failed: Permission denied (euid=5000(vmail)
> egid=5000(vmail) missing +r perm: /run/dovecot/auth-worker, dir owned
> by 0:0 mode=0755)

> I set this about an hour ago, then applied some security patches and
> restarted

Files and directories inside of /run/ are created every time you reboot
the server. If you manually change the owner or permissions it will only
stay that way until next reboot. You have to edit config settings for
the service in question for how you want those directories / files
created on reboot. I do not know how to do that in ubuntu but in RHEL
you edit (or create) config files in /etc/tmpfiles.d/

Package installed default on RHEL
    /usr/lib/tmpfiles.d/dovecot.conf
    "d /var/run/dovecot 0755 root dovecot -"

Not sure what you are trying to do, but another option might be give
user vmail dovecot group access so vmail can access files with a dovecot
group read permission.
     usermod -a -G dovecot vmail