[Dovecot] file system permissions
I am using Maildir and virtual domains.
I have the following definitions in the dovecot.conf: mail_uid = 10000 mail_gid = 10000 mail_location = maildir:/var/mail/apps/%d/%n/Maildir ...
Userdb database is LDAP based. Some users in LDAP might have a uid/gid defined. If thats the case, I want dovecot to use those uid/gid. If the user in LDAP does not have a uid/gid attribute, it'll fall back to using mail_uid/mail_gid as defined above.
(atleast thats what I am hoping to do...)
I set the permissions of /var/mail/apps, /var/mail/apps/%d directories 1777.
I also see the following error message when a message is received to one of the users: Jan 13 18:33:33 vds5 deliver(admin@domain.com): [ID 702911 mail.error] stat(/var/mail/apps/domain.com/admin/Maildir/tmp) failed: Permission denied
The permissions of this tmp directory are: drwx------ 2 vmail vmail 2 Jan 13 18:31 tmp
Why is deliver having problems writing to that? At this point, what uid is deliver running as?
Thanks!
On Sunday 13 January 2008 21:37:27 Anil wrote:
I am using Maildir and virtual domains.
I have the following definitions in the dovecot.conf: mail_uid = 10000 mail_gid = 10000 mail_location = maildir:/var/mail/apps/%d/%n/Maildir ...
Userdb database is LDAP based. Some users in LDAP might have a uid/gid
We do the same thing but we use user_global_uid and user_global_gid defined in the dovecot-ldap.conf file... it is not clear if you are using a PAM/LDAP or direct LDAP configuration but the options I mention are defined in this wiki page:
I am using direct LDAP. I want to make it so the user's LDAP overrides the default. If I set the default to user_global_uid/gid, would they get overriden? (I am going to try it now, but just asking...)
So, generally the idea is that I will create users in LDAP with uid/gid but if the users don't have those defined, it should fall back to "global" uid/gid.
On Jan 13, 2008 7:10 PM, Jim Horner jhorner@arinbe.com wrote:
On Sunday 13 January 2008 21:37:27 Anil wrote:
I am using Maildir and virtual domains.
I have the following definitions in the dovecot.conf: mail_uid = 10000 mail_gid = 10000 mail_location = maildir:/var/mail/apps/%d/%n/Maildir ...
Userdb database is LDAP based. Some users in LDAP might have a uid/gid
We do the same thing but we use user_global_uid and user_global_gid defined in the dovecot-ldap.conf file... it is not clear if you are using a PAM/LDAP or direct LDAP configuration but the options I mention are defined in this wiki page:
Jim, Maybe 1.1 doesn't have this option?
Jan 13 19:17:15 vds5 dovecot: [ID 107833 mail.error] auth(default): Error in configuration file /usr/local/dovecot/etc/dovecot-ldap.conf line 26: Unknown setting: user_global_uid
It might be that those were replaced with mail_uid and mail_gid in 1.1? Which version are you using?
Can you send me your entire configuration? This is really getting annoying. :)
Thanks.
On Jan 13, 2008 7:15 PM, Anil replicase@gmail.com wrote:
I am using direct LDAP. I want to make it so the user's LDAP overrides the default. If I set the default to user_global_uid/gid, would they get overriden? (I am going to try it now, but just asking...)
So, generally the idea is that I will create users in LDAP with uid/gid but if the users don't have those defined, it should fall back to "global" uid/gid.
On Jan 13, 2008 7:10 PM, Jim Horner jhorner@arinbe.com wrote:
On Sunday 13 January 2008 21:37:27 Anil wrote:
I am using Maildir and virtual domains.
I have the following definitions in the dovecot.conf: mail_uid = 10000 mail_gid = 10000 mail_location = maildir:/var/mail/apps/%d/%n/Maildir ...
Userdb database is LDAP based. Some users in LDAP might have a uid/gid
We do the same thing but we use user_global_uid and user_global_gid defined in the dovecot-ldap.conf file... it is not clear if you are using a PAM/LDAP or direct LDAP configuration but the options I mention are defined in this wiki page:
On Sun, 2008-01-13 at 18:37 -0800, Anil wrote:
I am using Maildir and virtual domains.
I have the following definitions in the dovecot.conf: mail_uid = 10000 mail_gid = 10000 mail_location = maildir:/var/mail/apps/%d/%n/Maildir ... .. I set the permissions of /var/mail/apps, /var/mail/apps/%d directories 1777. .. I also see the following error message when a message is received to one of the users: Jan 13 18:33:33 vds5 deliver(admin@domain.com): [ID 702911 mail.error] stat(/var/mail/apps/domain.com/admin/Maildir/tmp) failed: Permission denied
The permissions of this tmp directory are: drwx------ 2 vmail vmail 2 Jan 13 18:31 tmp
Assuming vmail is 10000 it looks ok.
Why is deliver having problems writing to that? At this point, what uid is deliver running as?
- Since this has been such a common problem, I finally added some code to make it clearly log what uid/gid it's running as and what directory has the permission problem: http://hg.dovecot.org/dovecot/rev/93fe72ef59f6
participants (3)
-
Anil
-
Jim Horner
-
Timo Sirainen