- Timo Sirainen tss@iki.fi:
On Wed, 2010-10-06 at 15:33 +0200, Ralf Hildebrandt wrote:
service quota-warning { executable = script /usr/bin/quota-warning.sh user = vmail
The process is run as this user.
unix_listener quota-warning { mode = 0660 user = vmail group = vmail
This is the socket permissions, i.e. specifying what other processes can connect to it.
Can I run the script as user root or will dovecot deny this?
Yeah, you can make the service user=root, but give only vmail user permission to it so only processes running as vmail can connect to it.
Good. The question is: which user will connect to the socket?
dovecot-lda will assume the UID of the user it's trying to deliver to. So any user must be able to connect to the socket?
Do you use multiple UIDs for users?
Yes! Every user has his/her own UID.
An alternative to running as root would be to use LMTP to deliver the "over quota" mail to user and use some trick to disable quota for this. Maybe something like:
protocol lmtp { local_ip 127.0.0.1 { plugin { quota = maildir:user:noenforcing } } }
Ugh.
-- Ralf Hildebrandt Geschäftsbereich IT | Abteilung Netzwerk Charité - Universitätsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12203 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 ralf.hildebrandt@charite.de | http://www.charite.de