Re: [Dovecot] Maildir permissions and Solr re-indexing
Michael Welsh Duggan writes:
All the files in my Maildir are owned by md5i:mail (I am md5i), and have 660 permissions. All directories have the same user:group permissions, and 770 with the setguid bit set. (That last may not be necessary, but ...
doveadm(md5i): Error: fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group based on /home/md5i/Maildir/.mail.test - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
After this, each directory has a dovecot.index.log with md5i:md5i 600 permissions.
I think the cause is clear enough: you (user=md5i/uid=1000) are not part of group mail (gid=8), so the dovecot user process doing things on your behalf cannot create index files that are analogous to the mailbox it's indexing.
You can either
1) add "md5i" to group mail
2) remove g+w permission on your mail files (making group membership irrelevant)
3) fiddle with "mail_privileged_group = mail", but I'm a little hazy on all the ramifications of this.
I don't know your particular circumstances, so I don't know which is best. If (big if) nothing on your system (particularly the MTA) requires access to your mail spool files by running as group=mail, probably 2) is your best option.
Joseph Tam jtam.home@gmail.com
Joseph Tam jtam.home@gmail.com writes:
Michael Welsh Duggan writes:
All the files in my Maildir are owned by md5i:mail (I am md5i), and have 660 permissions. All directories have the same user:group permissions, and 770 with the setguid bit set. (That last may not be necessary, but ...
doveadm(md5i): Error: fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group based on /home/md5i/Maildir/.mail.test - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
After this, each directory has a dovecot.index.log with md5i:md5i 600 permissions.
I think the cause is clear enough: you (user=md5i/uid=1000) are not part of group mail (gid=8), so the dovecot user process doing things on your behalf cannot create index files that are analogous to the mailbox it's indexing.
You can either
1) add "md5i" to group mail
2) remove g+w permission on your mail files (making group membership irrelevant)
3) fiddle with "mail_privileged_group = mail", but I'm a little hazy on all the ramifications of this.
I don't know your particular circumstances, so I don't know which is best. If (big if) nothing on your system (particularly the MTA) requires access to your mail spool files by running as group=mail, probably 2) is your best option.
Thank you. 2) did the trick, and I think I understand how this works now.
-- Michael Welsh Duggan (md5i@md5i.com)
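Added example, not part of either message and not Dovecot code: a small Python audit that lists the entries under a Maildir matching the situation diagnosed above, that is, group-writable files or directories whose group the user does not belong to. The function names and the sample tree are constructed for illustration, and the check covers only the condition named in the thread, not Dovecot's full permission logic.

```python
import os
import stat
import sys
import tempfile


def current_gids():
    """Groups the calling process can chgrp to: egid plus supplementary groups."""
    return set(os.getgroups()) | {os.getegid()}


def audit_maildir(root, member_gids):
    """Return (path, gid, mode) for every group-writable entry under root
    whose owning group is not in member_gids."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # symlink modes are not meaningful here
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWGRP and st.st_gid not in member_gids:
                findings.append((path, st.st_gid, oct(mode)))
    return findings


def drop_group_write(findings):
    """Apply option 2 from the thread (chmod g-w) to the audited paths."""
    for path, _gid, _mode in findings:
        st = os.lstat(path)
        os.chmod(path, stat.S_IMODE(st.st_mode) & ~stat.S_IWGRP)


def build_sample():
    """Constructed sample tree: one mailbox directory with 770 dirs and a 660 file."""
    root = tempfile.mkdtemp(prefix="maildir-demo-")
    cur = os.path.join(root, ".mail.test", "cur")
    os.makedirs(cur)
    msg = os.path.join(cur, "1.msg")
    open(msg, "w").close()
    os.chmod(msg, 0o660)
    os.chmod(cur, 0o770)
    os.chmod(os.path.join(root, ".mail.test"), 0o770)
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample()
    for path, gid, mode in audit_maildir(target, current_gids()):
        print(f"{path}: gid={gid} mode={mode} (group-writable, user not in group)")
```

Run it as the mailbox owner with the Maildir path as the only argument; no output means no entry matches the condition.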