[Dovecot] auth both system and virtual users
I've set up dovecot to auth both system and virtual users but it is refusing to work. It keeps saying user is not found. Is there something more that I need to set?
dovecot.conf:

default_mail_env = maildir:/var/mail/%1.1u/%u/Maildir
mail_extra_groups = mail
protocol imap {
}
protocol pop3 {
}
protocol lda {
  postmaster_address = postmaster@example.com
}
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth default {
  mechanisms = plain
  passdb passwd-file {
    args = /etc/dovecot.deny
    deny = yes
  }
  passdb passwd-file {
    args = /etc/imap.passwd
  }
  passdb pam {
  }
  userdb passwd {
  }
  user = root
}
dict {
}
plugin {
}
maillog:

Oct 30 20:12:00 grp-01-10-01 dovecot: Killed with signal 15
Oct 30 20:12:03 grp-01-10-01 dovecot: Dovecot v1.0.rc7 starting up
Oct 30 20:12:04 grp-01-10-01 dovecot: auth(default): passwd-file /etc/dovecot.deny: Read 0 users
Oct 30 20:12:04 grp-01-10-01 dovecot: auth(default): passwd-file /etc/imap.passwd: Read 1 users
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=::ffff:127.0.0.1 rip=::ffff:127.0.0.1 resp=AHR1c2VyAHBhc3M=
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): passwd-file(tuser,::ffff:127.0.0.1): unknown user
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): client out: OK 1 user=tuser
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): master in: REQUEST 1 30764 1
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): passwd(tuser,::ffff:127.0.0.1): unknown user
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): userdb(tuser,::ffff:127.0.0.1): user not found from userdb
Oct 30 20:12:24 grp-01-10-01 dovecot: auth(default): master out: NOTFOUND 1
Oct 30 20:12:24 grp-01-10-01 dovecot: imap-login: Internal login failure: user=<tuser>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
Followup: The auth is working for system users but not for virtual users. I have put the virtual user, tuser, in the file /etc/imap.passwd in /etc/passwd format using the example. But I can never login with this user. Here is /etc/imap.passwd:

tuser:{PLAIN}pass:65534:65534::/var/mail/u/tuser

Other questions: When I logged in the first time with system user, greno, it created the following tree under /var/mail:

./r/greno/Maildir/new
./r/greno/Maildir/cur
./r/greno/Maildir/tmp

This is great except that the top level directory, 'r', is owned by this user alone with very tight permissions. What will happen with the next user with last name beginning with 'r'?

drwx------ 3 greno greno 4096 Oct 30 21:11 r

Is there a way in dovecot.conf to make this owned by dovecot or root and more open permissions? Or should I create whole alphabet directories, 'a','b','c'..., and assign them to dovecot owner?
Solution to virtual user auth: Needed to add:

userdb passwd-file {
  args = /etc/imap.passwd
}

More info on virtual user mail storage: I created another virtual user, brichards, whose last name also begins with 'r'. /etc/imap.passwd:

tuser:{plain}pass:65534:65534::/var/mail/u/tuser
brichards:{plain}pass:65534:65534::/var/mail/r/brichards
When I logged into dovecot with 'brichards' it immediately gave me: Connection closed by foreign host.
The /var/mail directory structure was not changed:

drwx------ 3 greno greno 4096 Oct 30 21:11 /var/mail/r
drwx------ 3 greno greno 4096 Oct 30 21:11 /var/mail/r/greno
drwx------ 5 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir
drwx------ 2 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir/cur
drwx------ 2 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir/new
drwx------ 2 greno greno 4096 Oct 30 21:11 /var/mail/r/greno/Maildir/tmp
-rw------- 1 root root 1581 Oct 28 15:45 /var/mail/root
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser
drwx------ 5 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/cur
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/new
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 09:28 /var/mail/u/tuser/Maildir/tmp

===> NOTE: nfsnobody is uid 65534
And the maillog showed:

Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): client in: AUTH 1 PLAIN service=IMAP secured lip=::ffff:127.0.0.1 rip=::ffff:127.0.0.1 resp=AGJyaWNoYXJkcwBwYXNz
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd-file(brichards,::ffff:127.0.0.1): unknown user
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd-file /etc/imap.passwd: Read 2 users
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): client out: OK 1 user=brichards
Oct 31 09:41:40 grp-01-10-01 dovecot: chdir(/var/mail/r/brichards) failed with uid 65534: Permission denied
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): master in: REQUEST 3 2276 1
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): passwd(brichards,::ffff:127.0.0.1): unknown user
Oct 31 09:41:40 grp-01-10-01 dovecot: auth(default): master out: USER 3 brichards uid=65534 gid=65534 home=/var/mail/r/brichards
Oct 31 09:41:40 grp-01-10-01 dovecot: child 2382 (imap) returned error 89
Oct 31 09:41:40 grp-01-10-01 dovecot: imap-login: Login: user=<brichards>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
So for any system user there appears to be no problem creating the mail directories. For virtual users there is a directory ownership/permissions problem that allows only one user for any last name beginning with the same letter. My thought is that all the directories preceding the Maildir directory should be owned by 'mail' rather than the user. Does this make sense?
GR
-----Original Message-----
From: dovecot-bounces@dovecot.org [mailto:dovecot-bounces@dovecot.org] On Behalf Of Gerry Reno
Sent: Monday, October 30, 2006 10:53 PM
To: dovecot@dovecot.org
Subject: Re: [Dovecot] auth both system and virtual users
I haven't found a way for dovecot to manage the mail directory ownership/permissions issue. Here is how I solved it manually:

cd /var/mail
mkdir a b c d e f g h i j k l m n o p q r s t u v w x y z
chown root:mail ?
chmod 775 ?

/var/mail:
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 a
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 b
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 c
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 d
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 e
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 f
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 g
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 h
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 i
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 j
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 k
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 l
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 m
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 n
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 o
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 p
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 q
drwxrwxr-x 4 root mail 4096 Oct 31 11:05 r
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 s
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 t
drwxrwxr-x 3 root mail 4096 Oct 31 09:28 u
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 v
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 w
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 x
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 y
drwxrwxr-x 2 root mail 4096 Oct 31 11:02 z
Now I can login as 'brichards' and it properly created the mail directories under the 'r' directory.
/var/mail/r/brichards:
drwx------ 3 nfsnobody nfsnobody 4096 Oct 31 11:05 /var/mail/r/brichards/
drwx------ 5 nfsnobody nfsnobody 4096 Oct 31 11:05 /var/mail/r/brichards//Maildir
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 11:05 /var/mail/r/brichards//Maildir/cur
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 11:05 /var/mail/r/brichards//Maildir/new
drwx------ 2 nfsnobody nfsnobody 4096 Oct 31 11:05 /var/mail/r/brichards//Maildir/tmp
GR
Participants (1): Gerry Reno