On Wed, 16 Mar 2011 16:31:43 -0000, Timo Sirainen <tss@iki.fi> wrote:
On Wed, 2011-03-16 at 08:18 +0000, John Connett wrote:
$ ls -l /var/run/dovecot/auth-client
Srw------- 1 root root 0 Mar 14 13:11 /var/run/dovecot/auth-client
..
The problem is either with the instructions on the wiki or within dovecot. I will look at the source code to see if I can identify why
the permissions in conf.d/10-master.conf are not being applied. The
"service auth" part of conf.d/10-master.conf, stripped of comments, is:

service auth {
  unix_listener auth-client {
    mode = 0660
    user = mail
  }
  unix_listener auth-userdb {
  }
}
Check with doveconf that Dovecot really sees those settings:
doveconf service/auth
Many thanks. Looks like it isn't seeing those settings (see output
below). The openSUSE source rpm has two patches which only modify the
following files:
dovecot-2.0-pigeonhole/configure.in
configure.in
to "Enable PIE support (default)". The source code is unmodified so any
problem is likely to be in the upstream:
dovecot-2.0.11.tar.bz2
dovecot-2.0-pigeonhole-0.2.2.tar.bz2
Also you didn't specify group for the auth-client, so you probably should keep it 0600..
I wondered about that myself. Granting rw group access to root doesn't
appear to provide any additional access to any users. I copied it exactly
from the example just in case there might have been some sneaky use of the
group permissions. Once I had it working I would have tried turning them
off to see if that broke anything. Granting rw user access to mail should
be sufficient for exim.
master:~ # doveconf service/auth
service auth {
  chroot = 
  client_limit = 4096
  drop_priv_before_exec = no
  executable = auth
  extra_groups = 
  group = 
  idle_kill = 0
  privileged_group = 
  process_limit = 1
  process_min_avail = 0
  protocol = 
  service_count = 0
  type = 
  unix_listener auth-client {
    group = 
    mode = 0600
    user = 
  }
  unix_listener auth-login {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  unix_listener auth-master {
    group = 
    mode = 0600
    user = 
  }
  unix_listener auth-userdb {
    group = 
    mode = 0600
    user = 
  }
  unix_listener login/login {
    group = 
    mode = 0666
    user = 
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}
master:~ #
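
Added example, not part of the original thread and not Dovecot project code: a small shell check that reads `doveconf service/auth` output and reports when a unix_listener's resolved mode or user differs from what was written in conf.d/10-master.conf. The function names and the sample text (trimmed from the output quoted above) are assumptions made for illustration.

```shell
# Constructed sample: trimmed from the doveconf output quoted in this thread.
SAMPLE_DOVECONF='service auth {
  executable = auth
  unix_listener auth-client {
    group = 
    mode = 0600
    user = 
  }
  unix_listener auth-login {
    group = 
    mode = 0600
    user = $default_internal_user
  }
  unix_listener login/login {
    group = 
    mode = 0666
    user = 
  }
  user = $default_internal_user
}'

# listener_setting NAME KEY: read doveconf output on stdin and print the value
# of KEY inside "unix_listener NAME { ... }" (prints an empty line if unset).
listener_setting() {
    awk -v name="$1" -v key="$2" '
        $1 == "unix_listener" && $2 == name && $3 == "{" { inside = 1; next }
        inside && $1 == "}" { exit }   # never fall through to service-level keys
        inside && $1 == key && $2 == "=" {
            sub(/^[^=]*=[ \t]*/, "")   # strip "key = ", keep the value
            print
            exit
        }
    '
}

# check_listener NAME WANT_MODE WANT_USER: read doveconf output on stdin,
# print one line per mismatch and return 1 if the effective config differs.
check_listener() {
    conf=$(cat)
    rc=0
    got_mode=$(printf '%s\n' "$conf" | listener_setting "$1" mode)
    got_user=$(printf '%s\n' "$conf" | listener_setting "$1" user)
    [ "$got_mode" = "$2" ] || { echo "$1: mode is '$got_mode', wanted '$2'"; rc=1; }
    [ "$got_user" = "$3" ] || { echo "$1: user is '$got_user', wanted '$3'"; rc=1; }
    return $rc
}

# On a live host: doveconf service/auth | check_listener auth-client 0660 mail
printf '%s\n' "$SAMPLE_DOVECONF" | check_listener auth-client 0660 mail || true
```

Run against the sample, the check reports both the mode and the user of auth-client as differing from the intended 0660 and mail, which is the situation described in this thread.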