Hi!
I'm trying to set up SQL-based dict quota. The quota is working and gets updated, but I had to configure really loose file permissions to make it work:
dovecot.conf:
    dict {
      quota = pgsql:/etc/dovecot/dovecot_dict-sql.conf
    }

    service dict {
      unix_listener dict {
        mode = 0660
        group = vmail
        # sidenote: I noticed that writing the number equivalent
        # of 'vmail' here does not work. Why?
      }
    }
    # ~ls -la /etc/dovecot/dovecot_dict-sql.conf
    -rw-r----- root vmail dovecot_dict-sql.conf
    # ~ls -la /var/dovecot/dict
    srw-rw---- root vmail /var/dovecot/dict=
Every virtual user lookup returns a 'gid' field, and it is always 'vmail' (actually it is the number equivalent of 'vmail'). Even though the imap process should run as the 'uid' and 'gid' values returned from the userdb, it cannot read the dict config file:
dovecot.log:
    dict: Error: Can't open configuration file /etc/dovecot/dovecot_dict-sql.conf: Permission denied
    dict: Error: Failed to initialize dictionary 'quota'
    lda(<username>): Error: read(/var/dovecot//dict) failed: Remote disconnected
Now I must set o+r on the config file, which I really don't want to do, given that it contains the db username and password. The strange thing is that the group r/w permission is enough for the dict= socket, and it doesn't need world-wide permissions at all.
Daniel
-- 
LÉVAI Dániel
PGP key ID = 0x83B63A8F
Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
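
Added example (not part of the original message and not Dovecot code): a small model of the POSIX owner/group/other check, applied to the modes shown in the post. The `dict:` prefix on the log lines is the process that opens the config file, so its identity, not that of imap/lda, decides the result. The numeric ids and the separate account for the dict server are assumptions; replace them with the values from the real system.

```python
import stat

def can_access(mode, owner_uid, owner_gid, uid, gids, want):
    """POSIX check: exactly one class applies (owner, else group, else other)."""
    if uid == 0:
        return True  # root bypasses read/write mode bits
    if uid == owner_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    need = (r if "r" in want else 0) | (w if "w" in want else 0)
    return mode & need == need

# Constructed numeric ids; only the names root and vmail come from the post.
ROOT, VMAIL = 0, 5000
MAIL_PROC = (5000, {VMAIL})    # imap/lda running with the userdb uid/gid
DICT_PROC = (143, {143})       # assumption: dict server runs as a separate account
OTHER_USER = (1001, {1001})    # unrelated local account

def audit():
    conf_640 = (0o640, ROOT, VMAIL)     # -rw-r----- root vmail
    sock_660 = (0o660, ROOT, VMAIL)     # srw-rw---- root vmail
    conf_644 = (0o644, ROOT, VMAIL)     # after chmod o+r
    conf_dictgrp = (0o640, ROOT, 143)   # alternative: group = dict server's group
    return {
        # Connecting to a Unix socket needs write permission on it.
        "mail_connects_socket": can_access(*sock_660, *MAIL_PROC, "w"),
        "dict_reads_conf_640": can_access(*conf_640, *DICT_PROC, "r"),
        "dict_reads_conf_644": can_access(*conf_644, *DICT_PROC, "r"),
        "other_reads_conf_644": can_access(*conf_644, *OTHER_USER, "r"),
        "dict_reads_conf_dictgrp": can_access(*conf_dictgrp, *DICT_PROC, "r"),
        "other_reads_conf_dictgrp": can_access(*conf_dictgrp, *OTHER_USER, "r"),
    }

if __name__ == "__main__":
    for name, allowed in audit().items():
        print(f"{name}: {'allowed' if allowed else 'denied'}")
```

On a live system, `ps -o user,group,comm` for the dict process shows the identity to plug in for `DICT_PROC`.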