On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote:
> dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> Using mailbox_command in Postfix means that dovecot-lda is running as the system user getting the mail. Which means it can't access the socket file. Of course, one can simply use mode 666 on it, but, then people can use it to find out information according to the doc, which I do not want.
> So, I am not sure why the doc says to add -d for per user quotas, without also mentioning the problem with doing that. I don't see how it can work?
> Assuming I need per user quotas, and I don't want to use LMTP, is there a good way around this without the security issue?
The possibilities are:
a) Start dovecot-lda so that the process belongs to an extra group (e.g. dovecot) and make the socket rw for that group. I don't know if Postfix can do this for system users.
b) Use filesystem setgid bit for dovecot-lda
c) Run via sudo
b) and c) are explained in the wiki in the "multiple UIDs" section (although for setuid-root rather than setgid-dovecot).
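As an added example (not from this thread or the Dovecot project), the group-restricted socket from a) combined with the setgid-dovecot binary from b), plus a check that the socket is no longer world-accessible. The conf.d path, the dovecot-lda location and the socket path are assumptions for a Debian-style install.

```shell
#!/bin/sh
# Added example: keep auth-userdb at mode 0660 for the dovecot group instead
# of 0666, and let dovecot-lda pick up that group via the setgid bit.
# All paths below are assumptions; adjust them to the local install.
set -eu

DOVECOT_CONF_D="${DOVECOT_CONF_D:-/etc/dovecot/conf.d}"
LDA_BIN="${LDA_BIN:-/usr/lib/dovecot/dovecot-lda}"
SOCKET="${SOCKET:-/var/run/dovecot/auth-userdb}"

# Dovecot 2.x service block: socket owned by dovecot, rw for that group only.
write_auth_socket_conf() {
    cat > "$DOVECOT_CONF_D/99-lda-userdb.conf" <<'EOF'
service auth {
  unix_listener auth-userdb {
    mode = 0660
    user = dovecot
    group = dovecot
  }
}
EOF
}

# Option b): Postfix mailbox_command runs dovecot-lda as the recipient user,
# so give the binary the dovecot group via setgid (not setuid-root).
set_lda_setgid() {
    chgrp dovecot "$LDA_BIN"
    chmod 2755 "$LDA_BIN"
}

# Check: succeed (exit 0) only when "others" have no write bit on the path.
# Anyone who can connect to the socket can run userdb lookups, so a
# world-writable socket is the information leak the poster wants to avoid.
is_group_restricted() {
    [ -z "$(find "$1" -prune -perm -o+w)" ]
}

# Usage after restarting dovecot:
#   is_group_restricted "$SOCKET" || echo "auth-userdb is world-writable" >&2
```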