On Sat, Oct 27, 2007 at 10:13:46PM +0300, Timo Sirainen wrote:
On 27.10.2007, at 21.51, Adam McDougall wrote:
But the real problem is that dovecot-shared file is owned by a group that your imap process doesn't belong to. You probably want to add it to mail_extra_groups.
I want to avoid adding a group to any user that logs in because some of them are in many groups already and it might push them over the limit that FreeBSD allows, then they cannot login at all.
If you don't need the other groups in Dovecot you can get rid of them and just have the process use the user's primary group and mail_extra_groups. I think this should work:
userdb passwd {
  args = system_user=
}
Actually, yes I like this a lot and put this change into production. I was planning on using some secondary groups to prevent filesystem access, but I can accomplish the same protection easier with this and mail_extra_groups. Thanks! I didn't test yet that the secondary groups aren't loaded but I will sometime.
With some recent permission changes I've done (affects dovecot 1.0 as well), I get a good amount of these fchown errors and I was thinking of muting them so they do not fill my log, since they are harmless in my setup.
If these errors happen for index files Dovecot currently falls back to using in-memory indexes.
Oh. Ugh. That might explain why the indexes don't always seem to load. For some reason I thought dovecot might print a message when it falls back to in-memory indexes; would that be possible?
Right now in my public folder permission scheme, the only thing I need dovecot-shared for (I think) is making client-added emails world-readable at least (currently actually mode 666). As long as the indexes are accessible by the user, I don't care what mode or group they are.
How about this: http://hg.dovecot.org/dovecot/rev/0dd9b91fd52c
I will roll that in and test alongside the next patch you sent. Thanks.
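Added example, not part of the original thread and not Dovecot code: a small audit that finds each dovecot-shared file under a mail root and reports whether a process with given credentials could apply that file's group to files it creates, which is the condition behind the fchown errors discussed above. The function names, the sample folder name and uid 1001 are assumptions made for the illustration.

```python
import os
import tempfile

def chgrp_allowed(target_gid, euid, egid, groups):
    """POSIX rule for an unprivileged file owner: the new group must be the
    process's effective gid or one of its supplementary groups."""
    return euid == 0 or target_gid == egid or target_gid in groups

def audit_maildirs(root, euid, egid, groups):
    """Report, for every dovecot-shared file under root, its group and mode
    and whether the given credentials could chown new files to that group."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "dovecot-shared" not in files:
            continue
        st = os.stat(os.path.join(dirpath, "dovecot-shared"))
        findings.append({
            "maildir": dirpath,
            "gid": st.st_gid,
            "mode": oct(st.st_mode & 0o7777),
            "fchown_ok": chgrp_allowed(st.st_gid, euid, egid, groups),
        })
    return findings

def demo():
    # Constructed sample: a temporary tree holding one shared folder.
    with tempfile.TemporaryDirectory() as root:
        folder = os.path.join(root, "public", ".Announce")
        os.makedirs(folder)
        shared = os.path.join(folder, "dovecot-shared")
        open(shared, "w").close()
        gid = os.stat(shared).st_gid
        # Hypothetical unprivileged user 1001: first with the file's group
        # as primary group, then with no membership in it at all.
        member = audit_maildirs(root, 1001, gid, set())
        outsider = audit_maildirs(root, 1001, gid + 1, {gid + 2})
        return member, outsider

if __name__ == "__main__":
    for label, result in zip(("member", "outsider"), demo()):
        print(label, result)
```

To check a live system, run it as the mail user and call audit_maildirs(root, os.geteuid(), os.getegid(), set(os.getgroups())); any entry with fchown_ok False names a group to add to mail_extra_groups or a dovecot-shared file to re-group.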