[Dovecot] why does dovecot try to access the user's home?
hi, after i try to use dovecot with ldap i configure dovecot as:
first_valid_uid = 499
last_valid_uid = 499
first_valid_gid = 499
last_valid_gid = 499
default_mail_env = maildir:/home/mail/%d/%n
auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
auth_passdb = ldap /etc/dovecot-ldap.conf
but after this i've got the error in imap.log:
dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed with uid 499: Permission denied
i see the reason since each user has its own uid and uid 499 can't access the user's home which has 0700 access right. but why would dovecot like to access the user's home? is it necessary? since in this case one static uid can be usable or this uid has to have read (write?) access to all user's home. is there any usage of static uid in this case? yours.
-- Levente "Si vis pacem para bellum!"
On Wed, 2004-12-29 at 14:51 +0100, Farkas Levente wrote:
> default_mail_env = maildir:/home/mail/%d/%n
> auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
> auth_passdb = ldap /etc/dovecot-ldap.conf
> but after this i've got the error in imap.log:
> dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed with uid 499: Permission denied
> i see the reason since each user has its own uid and uid 499 can't access the user's home which has 0700 access right. but why would dovecot like to access the user's home? is it necessary? since in this case one static uid can be usable or this uid has to have read (write?) access to all user's home. is there any usage of static uid in this case?
Since you keep all the mail data in /home/mail/ instead of /home/users/, you might as well use /home/mail/%d/%n as user's home directory.
Currently home dir is used for nothing else than chdir()ing in there so core dumps can be written. In future it may optionally look for some .dovecotrc file from there.
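
The failure discussed above, as an added example (not part of the original thread and not Dovecot code): a check that walks a userdb home path and reports the first directory a static uid cannot search, which is what makes chdir() fail. The function names, the `stat_fn` parameter and the directory layout are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace


def first_blocked_component(path, uid, gids, stat_fn=os.stat):
    """Return the first directory on `path` that `uid` cannot search (the
    x bit chdir() needs), or None if every component is reachable.
    Only classic mode bits are modelled; ACLs and capabilities are ignored."""
    if uid == 0:
        return None  # root bypasses the permission bits
    prefixes = ["/"]
    for part in os.path.normpath(path).split("/"):
        if part:
            prefixes.append(os.path.join(prefixes[-1], part))
    for current in prefixes:
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            return current
        if st.st_uid == uid:
            needed = stat.S_IXUSR
        elif st.st_gid in gids:
            needed = stat.S_IXGRP
        else:
            needed = stat.S_IXOTH
        if not st.st_mode & needed:
            return current
    return None


# Constructed layout (mode, owner uid, owner gid) mirroring the thread:
# private 0700 homes owned by each user, mail storage owned by uid 499.
LAYOUT = {
    "/": (0o755, 0, 0),
    "/home": (0o755, 0, 0),
    "/home/users": (0o755, 0, 0),
    "/home/users/example.org": (0o755, 0, 0),
    "/home/users/example.org/alice": (0o700, 1001, 1001),
    "/home/mail": (0o700, 499, 499),
    "/home/mail/example.org": (0o700, 499, 499),
    "/home/mail/example.org/alice": (0o700, 499, 499),
}


def fake_stat(path):
    mode, uid, gid = LAYOUT[path]
    return SimpleNamespace(st_mode=stat.S_IFDIR | mode, st_uid=uid, st_gid=gid)


if __name__ == "__main__":
    for home in ("/home/users/example.org/alice", "/home/mail/example.org/alice"):
        print(home, "->", first_blocked_component(home, 499, {499}, fake_stat))
```

Called without `stat_fn`, the same function inspects the real filesystem, so it can be pointed at a candidate home= value before it goes into the userdb.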
Timo Sirainen wrote:
> On Wed, 2004-12-29 at 14:51 +0100, Farkas Levente wrote:
>> default_mail_env = maildir:/home/mail/%d/%n
>> auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
>> auth_passdb = ldap /etc/dovecot-ldap.conf
>> but after this i've got the error in imap.log:
>> dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed with uid 499: Permission denied
>> i see the reason since each user has its own uid and uid 499 can't access the user's home which has 0700 access right. but why would dovecot like to access the user's home? is it necessary? since in this case one static uid can be usable or this uid has to have read (write?) access to all user's home. is there any usage of static uid in this case?
> Since you keep all the mail data in /home/mail/ instead of /home/users/, you might as well use /home/mail/%d/%n as user's home directory.
since i'd like to separate the user's real home and its mail directory (home may be accessed by some way, but i would like to "hide" maildir directory). this means the home directory is equal with mail directory? or it only has meaning in case of mbox?
> Currently home dir is used for nothing else than chdir()ing in there so core dumps can be written. In future it may optionally look for some .dovecotrc file from there.
this means i have to share this file some way to the users to be able to edit this file? wouldn't it be better to place this file into his real home directory not under the maildir? yours.
-- Levente "Si vis pacem para bellum!"
On Thu, 2004-12-30 at 16:35 +0100, Farkas Levente wrote:
>> Since you keep all the mail data in /home/mail/ instead of /home/users/, you might as well use /home/mail/%d/%n as user's home directory.
> since i'd like to separate the user's real home and its mail directory (home may be accessed by some way, but i would like to "hide" maildir directory). this means the home directory is equal with mail directory?
Yep.
> or it only has meaning in case of mbox?
Maildir too.
>> Currently home dir is used for nothing else than chdir()ing in there so core dumps can be written. In future it may optionally look for some .dovecotrc file from there.
> this means i have to share this file some way to the users to be able to edit this file? wouldn't it be better to place this file into his real home directory not under the maildir?
Sure, but in that case you'd still have to make sure that Dovecot has read access to the user's .dovecotrc file, and in that case chdir() would work into the home dir. Unless Dovecot would read the file as root, hmm.
Timo Sirainen wrote:
> On Wed, 2004-12-29 at 14:51 +0100, Farkas Levente wrote:
>> default_mail_env = maildir:/home/mail/%d/%n
>> auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
>> auth_passdb = ldap /etc/dovecot-ldap.conf
>> but after this i've got the error in imap.log:
>> dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed with uid 499: Permission denied
>> i see the reason since each user has its own uid and uid 499 can't access the user's home which has 0700 access right. but why would dovecot like to access the user's home? is it necessary? since in this case one static uid can be usable or this uid has to have read (write?) access to all user's home. is there any usage of static uid in this case?
> Since you keep all the mail data in /home/mail/ instead of /home/users/, you might as well use /home/mail/%d/%n as user's home directory.
> Currently home dir is used for nothing else than chdir()ing in there so core dumps can be written. In future it may optionally look for some .dovecotrc file from there.
i already read all the wiki and test it. i found in the wiki (which is not documented in the example conf file) that the static user database has both mail and home param, but even if i try to set both dovecot tries to access the home.
so it's clear for me that what you called home is the chroot directory. but in this case imho it should be called chroot and not home (with a comment if the maildir is under the user's home then it can be the user's home).
in this case i add a new variable %c as the chroot directory.
as i read the list i found this is a very annoying naming (as it's a problem for others too), since home is used to be the user's home directory and dovecot has nothing to do with it.
anyway it'd be useful to explain in the wiki, what is:
  default_mail_env
  valid_chroot_dirs
  mail_chroot
  user database's home (home in static, homeDirectory in ldap)
  user database's mail (mail in static, MAIL env in ldap)
since it's not clear to me whether mail_chroot or user database's home is the chroot. whether default_mail_env or user database's mail is where dovecot searches for mails or they are redundant or equivalent or...?
-- Levente "Si vis pacem para bellum!"
On Mon, 2005-01-03 at 17:02 +0100, Farkas Levente wrote:
> i already read all the wiki and test it. i found in the wiki (which is not documented in the example conf file) that the static user database has both mail and home param, but even if i try to set both dovecot tries to access the home.
"mail" setting can only be used to override default_mail_env. The reason why Dovecot doesn't just chdir() into the directory pointed by "mail" is that Dovecot doesn't necessarily know how to parse it. And it may not in fact even contain a directory at all, eg. "/var/mail/user" works as a mail, Dovecot will then default to ~/mail directory.
Actually, if you just don't let Dovecot know the home directory at all, it defaults to chdiring into /tmp.
> so it's clear for me that what you called home is the chroot directory. but in this case imho it should be called chroot and not home (with a comment if the maildir is under the user's home then it can be the user's home).
Um... No. By default there is no chrooting anywhere and chroot directory may be higher than home/mail directory. eg.:
chroot = /home
home = /home/user
mail = /home/user/mail
> in this case i add a new variable %c as the chroot directory.
If you chroot, the chroot directory is always /, so it's a bit pointless :)
> as i read the list i found this is a very annoying naming (as it's a problem for others too), since home is used to be the user's home directory and dovecot has nothing to do with it.
I can't really think of what else to call it, suggestions welcome. Dovecot just needs a directory where it has read+exec access to do some things, and it's not necessarily the mail directory.
I forgot to mention that besides chdir()ing, if you happen to use rawlogging it writes them to ~/dovecot.rawlog/ directory.
> anyway it'd be useful to explain in the wiki, what is:
>   default_mail_env
>   valid_chroot_dirs
>   mail_chroot
>   user database's home (home in static, homeDirectory in ldap)
>   user database's mail (mail in static, MAIL env in ldap)
> since it's not clear to me whether mail_chroot or user database's home is the chroot.
mail_chroot is the default chroot directory. You can override it for specific users by adding "/./" in the middle of home directory, eg. "/home/user/./mail" chroots into user's home directory.
I guess Wiki would need some separate page about chrooting describing how it works. (someone please write :)
> whether default_mail_env or user database's mail is where dovecot searches for mails or they are redundant or equivalent or...?
database's mail overrides default_mail_env if given.
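
The chroot rules from this reply, modelled as an added example (not part of the original thread and not Dovecot's code): how a userdb home value with or without the "/./" marker maps to a chroot directory and to the path the mail process sees afterwards. It assumes valid_chroot_dirs is an allowlist of directories under which chrooting is permitted, matched on whole path components; the function names are hypothetical.

```python
import posixpath


def _is_under(path, parent):
    """True if `path` equals `parent` or lies below it (whole components)."""
    parent = posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")


def split_home(home, mail_chroot="", valid_chroot_dirs=()):
    """Return (chroot_dir, home_as_seen_by_the_mail_process).

    chroot_dir is None when neither mail_chroot nor a "/./" marker applies.
    """
    if "/./" in home:
        # Per-user override: everything before the marker is the chroot.
        chroot, _, rest = home.partition("/./")
        chroot = posixpath.normpath(chroot or "/")
        inside = posixpath.normpath("/" + rest.lstrip("/"))
    elif mail_chroot:
        # Default chroot: home must live below it to stay reachable.
        chroot = posixpath.normpath(mail_chroot)
        full = posixpath.normpath(home)
        if not _is_under(full, chroot):
            raise ValueError(f"home {home!r} is outside chroot {chroot!r}")
        inside = "/" + full[len(chroot):].lstrip("/")
    else:
        return None, posixpath.normpath(home)
    # Assumed allowlist semantics: a userdb-supplied chroot is refused unless
    # it sits under a listed directory (an empty list refuses all chroots).
    if not any(_is_under(chroot, d) for d in valid_chroot_dirs):
        raise ValueError(f"chroot {chroot!r} is not under valid_chroot_dirs")
    return chroot, inside


if __name__ == "__main__":
    print(split_home("/home/user/./mail", valid_chroot_dirs=["/home"]))
    print(split_home("/home/user", mail_chroot="/home", valid_chroot_dirs=["/home"]))
    print(split_home("/home/user"))
```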