Authentication problems due to file ownership issue.
I am getting:

    Oct 03 20:19:52 auth: Error: net_connect_unix(auth-worker) in directory /run/dovecot failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)

Because:

    root@mailserver:/run/dovecot# ls -l auth-worker
    srw------- 1 dovecot root 0 Oct 3 20:09 auth-worker

When it really needs to be "vmail" (I think).
I have set:

    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      user = vmail
      group = vmail
    }

in 10-master.conf (because I'm using postfixadmin/mariadb to store user information, I don't *want* access to /etc/shadow)
I set this about an hour ago, then applied some security patches and restarted (ubuntu 20.04 system) and it didn't change. I then manually did a "chown vmail:" of that file, and I got further. I had a different problem that I resolved, and then restarted dovecot, and /run/dovecot/auth-worker reverted.
I'm not sure where I need to set this.
Thanks. Petro. :wq
> Oct 03 20:19:52 auth: Error: net_connect_unix(auth-worker) in directory /run/dovecot failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)
>
> I set this about an hour ago, then applied some security patches and restarted
Files and directories inside of /run/ are created every time you reboot the server. If you manually change the owner or permissions it will only stay that way until next reboot. You have to edit config settings for the service in question for how you want those directories / files created on reboot. I do not know how to do that in ubuntu but in RHEL you edit (or create) config files in /etc/tmpfiles.d/
Package installed default on RHEL
/usr/lib/tmpfiles.d/dovecot.conf

    "d /var/run/dovecot 0755 root dovecot -"

Not sure what you are trying to do, but another option might be to give user vmail dovecot group access so vmail can access files with a dovecot group read permission.

    usermod -a -G dovecot vmail
This is a late response, sorry--it got pushed down the stack.
> Not sure what you are trying to do, but another option
I am trying to get postfix + postfixadmin working with Dovecot.
All of the user and domain configuration is in Mysqldb, and the mail directories in /var/mail/vmail are owned by vmail:

    root@mailserver:/var/mail# ls -l
    total 20
    drwx------ 2 root root 16384 Sep 12 17:30 lost+found
    drwxr-xr-x 3 vmail vmail 4096 Sep 26 00:00 vmail

> might be to give user vmail dovecot group access so vmail can access files with a dovecot group read permission.

The process in /run/dovecot is:

    srw------- 1 vmail root 0 Oct 12 03:12 auth-userdb
    srw------- 1 dovecot root 0 Oct 12 03:12 auth-worker

Oddly enough the auth-userdb is owned by vmail.

I tried setting

    service auth-worker {
      # Auth worker process is run as root by default, so that it can access
      # /etc/shadow. If this isn't necessary, the user should be changed to
      # $default_internal_user.
      user = $default_internal_user
    }

and it didn't help.
On Sun, Oct 3, 2021 at 5:02 PM dovecot@ptld.com wrote:
> > Oct 03 20:19:52 auth: Error: net_connect_unix(auth-worker) in directory /run/dovecot failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)
> >
> > I set this about an hour ago, then applied some security patches and restarted
>
> Files and directories inside of /run/ are created every time you reboot the server. If you manually change the owner or permissions it will only stay that way until next reboot. You have to edit config settings for the service in question for how you want those directories / files created on reboot. I do not know how to do that in ubuntu but in RHEL you edit (or create) config files in /etc/tmpfiles.d/
>
> Package installed default on RHEL
> /usr/lib/tmpfiles.d/dovecot.conf
> "d /var/run/dovecot 0755 root dovecot -"
>
> Not sure what you are trying to do, but another option might be to give user vmail dovecot group access so vmail can access files with a dovecot group read permission.
> usermod -a -G dovecot vmail
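
Added example, not part of the original thread and not Dovecot's own code: a Python check that parses the error line posted above and works out which permission triplet (owner, group or other) the kernel applies to euid 5000, both for /run/dovecot and for the socket as shown in the ls -l output. It models only the classic mode bits (no ACLs or root override), and the numeric ids used for "dovecot" are constructed placeholders because the thread shows only the name.

```python
import re

# Context Dovecot appends to the net_connect_unix() "Permission denied" error.
ERR_RE = re.compile(
    r"euid=(?P<euid>\d+)\([^)]*\) egid=(?P<egid>\d+)\([^)]*\) "
    r"missing \+[rwx] perm: (?P<path>[^,]+), "
    r"dir owned by (?P<duid>\d+):(?P<dgid>\d+) mode=(?P<dmode>[0-7]+)")

# Error line copied from the thread.
LOG = ("Oct 03 20:19:52 auth: Error: net_connect_unix(auth-worker) in directory "
       "/run/dovecot failed: Permission denied (euid=5000(vmail) egid=5000(vmail) "
       "missing +r perm: /run/dovecot/auth-worker, dir owned by 0:0 mode=0755)")

# Constructed placeholders: the thread shows the name "dovecot", not its ids.
DOVECOT_UID, DOVECOT_GID, ROOT_GID = 116, 117, 0

def parse_error(line):
    """Extract the numeric ids, path and directory mode; None if no match."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    d = m.groupdict()
    for key in ("euid", "egid", "duid", "dgid"):
        d[key] = int(d[key])
    d["dmode"] = int(d["dmode"], 8)
    return d

def applied_bits(uid, gids, owner_uid, owner_gid, mode):
    """Return (class, 'rwx' string) for the single triplet the kernel checks."""
    if uid == owner_uid:
        cls, shift = "owner", 6
    elif owner_gid in gids:
        cls, shift = "group", 3
    else:
        cls, shift = "other", 0
    bits = (mode >> shift) & 7
    return cls, "".join(c if bits & b else "-" for c, b in zip("rwx", (4, 2, 1)))

def diagnose(line, sock_uid, sock_gid, sock_mode, extra_gids=()):
    """Report what the process named in the error gets on the dir and socket."""
    e = parse_error(line)
    if e is None:
        raise ValueError("not a net_connect_unix permission error")
    gids = {e["egid"], *extra_gids}
    return {"dir": applied_bits(e["euid"], gids, e["duid"], e["dgid"], e["dmode"]),
            "socket": applied_bits(e["euid"], gids, sock_uid, sock_gid, sock_mode)}

if __name__ == "__main__":
    print(diagnose(LOG, DOVECOT_UID, ROOT_GID, 0o600))                 # as listed
    print(diagnose(LOG, DOVECOT_UID, ROOT_GID, 0o600, [DOVECOT_GID]))  # vmail in group dovecot
    print(diagnose(LOG, 5000, 5000, 0o600))                            # after chown vmail:
```

For the listing in the thread (owner dovecot, group root, mode 0600) the vmail process falls into the "other" class with no bits set, and supplementary membership in the dovecot group does not change that because the socket's group is root.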