[Dovecot] file rights for dictionary file
Hi,
I use Debian Squeeze and the sources from Stephan Bosch. A few weeks ago I've upgraded from 2.0.11 to 2.0.13 and got an error
May 29 20:01:53 mailserver dovecot: dict: Error: Can't open configuration file /etc/dovecot/dovecot-dict-sql.conf.ext: Permission denied
May 29 20:01:53 mailserver dovecot: dict: Error: Failed to initialize dictionary 'quota'
and I could see that /etc/dovecot/dovecot-dict-sql.conf.ext is owned by root:root with 600. After changing to root:root 644 all works, but after each upgrade all files in /etc/dovecot will be set to 600.
Is it a problem of the dovecot package or should I do some changes to config to allow dovecot reading the dict file?
Here is my config:
# 2.0.13 (9ae30e5d6935): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-xen-amd64 x86_64 Debian 6.0.1 ext3
auth_mechanisms = plain login cram-md5
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_uid = 106
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:/var/mail/%d/%u
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  autocreate = Sent Messages
  autocreate2 = Deleted Messages
  autocreate3 = Drafts
  autosubscribe = Sent Messages
  autosubscribe2 = Deleted Messages
  autosubscribe3 = Drafts
  quota = dict:User quota::proxy::quota
  quota_rule2 = Deleted Messages:storage=+1GB
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service dict {
  unix_listener dict {
    group = mail
    mode = 0660
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/ssl/certs/mailserver-cert.pem
ssl_key = </etc/ssl/private/mailserver-key.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = quota
}
protocol imap {
  mail_plugins = quota imap_quota autocreate
}
local_name mailserver.makomi.de {
  ssl_cert = </etc/ssl/certs/mailserver1-cert.pem
  ssl_key = </etc/ssl/private/mailserver1-key.pem
}
local_name mailserver.kokoma.de {
  ssl_cert = </etc/ssl/certs/mailserver2-cert.pem
  ssl_key = </etc/ssl/private/mailserver2-key.pem
}
local_name mailserver.grooveb.de {
  ssl_cert = </etc/ssl/certs/mailserver3-cert.pem
  ssl_key = </etc/ssl/private/mailserver3-key.pem
}
local_name mailserver.koehler-gohlis.de {
  ssl_cert = </etc/ssl/certs/mailserver4-cert.pem
  ssl_key = </etc/ssl/private/mailserver4-key.pem
}
local_name mailserver.koehler-schroeder.de {
  ssl_cert = </etc/ssl/certs/mailserver5-cert.pem
  ssl_key = </etc/ssl/private/mailserver5-key.pem
}
Greetings, Michael
On Sun, 2011-06-05 at 22:02 +0200, Michael Köhler wrote:
> I use Debian Squeeze and the sources from Stephan Bosch. A few weeks ago I've upgraded from 2.0.11 to 2.0.13 and got an error
Well, I haven't done any changes..
> May 29 20:01:53 mailserver dovecot: dict: Error: Can't open configuration file /etc/dovecot/dovecot-dict-sql.conf.ext: Permission denied
With the current design this config file is opened late after dropping privileges.
> and I could see that /etc/dovecot/dovecot-dict-sql.conf.ext is owned by root:root with 600. After changing to root:root 644 all works, but after each upgrade all files in /etc/dovecot will be set to 600.
This config file contains the SQL password, so it shouldn't be world-readable. Maybe it should be root:dovecot 640, because the "dict" process runs as the dovecot user by default (and I'd guess dovecot group).
participants (2)
- Michael Köhler
- Timo Sirainen
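Added example, not part of the original thread and not Dovecot or Debian packaging code: a shell check that tells apart the three permission states discussed above (600, which the dict process cannot read after dropping privileges; 644, which exposes the SQL password; 640 with the service group, as suggested in the reply). It assumes GNU stat and a file that the service reads through its group rather than as owner; the function name check_dict_conf and the verdict strings are hypothetical, and the group is a parameter because the thread only guesses that it is dovecot.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat (as on Debian) and
# that the service reads the file via its group, not as the file owner.

# check_dict_conf FILE GROUP
# GROUP is the group name or numeric gid the dict process runs with
# (the thread guesses "dovecot"). Prints a verdict; returns 0 only for "ok".
check_dict_conf() {
    info=$(stat -c '%a %G %g' -- "$1" 2>/dev/null) || { echo missing; return 2; }
    set -- "$2" $info              # $1=wanted group  $2=mode  $3=group  $4=gid
    other=$(( 0$2 & 07 ))          # permission bits granted to "other"
    group_read=$(( 0$2 & 040 ))    # group read bit
    if [ "$other" -ne 0 ]; then
        echo world-accessible      # e.g. 644: the SQL password is exposed
        return 1
    fi
    if [ "$group_read" -eq 0 ] || { [ "$1" != "$3" ] && [ "$1" != "$4" ]; }; then
        echo unreadable-by-service # e.g. root:root 600 once privileges are dropped
        return 1
    fi
    echo ok
}

# Constructed demo: one temp file cycled through the modes from the thread,
# checked against the current user's gid instead of a real dovecot group.
demo() {
    f=$(mktemp) || return 1
    for mode in 600 644 640; do
        chmod "$mode" "$f"
        printf '%s %s\n' "$mode" "$(check_dict_conf "$f" "$(id -g)")"
    done
    rm -f "$f"
}
demo
```

Run against the real file after each package upgrade, for example `check_dict_conf /etc/dovecot/dovecot-dict-sql.conf.ext dovecot`, to notice when the mode has been reset.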