Re: question: dovecot lda running as special user (vmail) or normal user (marcel)?
Dear Mailing List,
(version and dovecot -n at the bottom) (Sorry for the bad English in this mail :) )
I'm new to dovecot and wanted to build my own mailserver using dovecot+postfix. I currently have a problem with permissions with my mailfolder. I could solve it easily if I set it with chmod to 777, but that's no real solution.
While reading my log files I see a lot of messages like:
Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed: Initializing mail storage from mail_location setting failed: stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied (euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, dir owned by 5000:5000 mode=0700)
Oct 10 05:19:52 lda(owncloud): Fatal: Invalid user settings. Refer to server log for more information.
So currently two users need to access the mail folder:
- The user itself (here: owncloud)
- The vmail user
I want to use dovecot with virtual users. Now the question is: shouldn't the directory be accessed only by the vmail user? and not by the owncloud user?
Second question: If it's correct that the access is made by 2 users: what rights do they need? I can't add all users to the group vmail and set g+rwx permissions (every user could read mails from other users, and even edit them!)
Thanks a Lot. Kind Regards,
Marcel
dovecot --version
2.2.13
dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-37-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_home = /home/vmail/example.com/%n
mail_location = maildir:/home/vmail/example.com/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%u scheme=ssha512 /etc/dovecot/passwd.db
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_after = /home/vmail/sieve-after
  sieve_before = /home/vmail/sieve-before
  sieve_dir = ~/sieve
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = was automatically rejected:%n%r }
On Fri, 10 Oct 2014, marcel.cochem wrote:
> I'm new to dovecot and wanted to build my own mailserver using dovecot+postfix. I currently have a problem with permissions with my mailfolder. I could solve it easily if I set it with chmod to 777, but that's no real solution.
> While reading my log files I see a lot of messages like:
> Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed: Initializing mail storage from mail_location setting failed: stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied (euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, dir owned by 5000:5000 mode=0700)
> Oct 10 05:19:52 lda(owncloud): Fatal: Invalid user settings. Refer to server log for more information.
> So currently two users need to access the mail folder:
> - The user itself (here: owncloud)
> - The vmail user
> I want to use dovecot with virtual users. Now the question is: shouldn't the directory be accessed only by the vmail user? and not by the owncloud user?
postfix starts the LDA as owncloud user, looks like you set postfix up to use system users. Either make it use the vmail user or use LMTP.
userdb {
  args = uid=5000 gid=5000 home=/home/vmail/example.com/%n
  driver = static
}
Via IMAP/POP3 and LMTP all users will use these settings.
Steffen Kaiser
Thank you for that information, unfortunately I didn't figure out how to force postfix to use vmail user.
I know that the line in main.cf (postfix) is executed as the user that receives the mail and not by the vmail user (whole mail.cf file at pastebin: http://pastebin.com/0DsfuwJi):
mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"
And the following lines in master.cf (pastebin: http://pastebin.com/G7HKGJtz) look like they are executed with user vmail:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
I also tried to add the mailbox_command in the master.cf file:
dovecot unix - n n - - pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}" -f ${sender} -d ${recipient}
but that didn't seem to solve the problem...
To set up the server, I used this tutorial: http://arstechnica.com/information-technology/2014/02/how-to-run-your-own-e-...
Can you say what I have to change, or show me another good tutorial which uses postfix+dovecot with virtual users & maildir?
Regards, Marcel
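The two routes named in the reply ("make it use the vmail user or use LMTP"), written out as configuration. This is an added example, not part of either poster's mail: the paths, the domain and uid/gid 5000 are taken from the thread, while treating example.com as a Postfix virtual mailbox domain and the listener name dovecot-lmtp are assumptions.

```conf
# ---- /etc/postfix/main.cf ------------------------------------------------
# Before (from the thread): local(8) runs mailbox_command with the identity
# of the receiving system account, so deliver starts as "owncloud" and is
# blocked at /home/vmail (owned by 5000:5000, mode 0700).
#mailbox_command = /usr/lib/dovecot/deliver -c /etc/dovecot/conf.d/01-mail-stack-delivery.conf -m "${EXTENSION}"

# Option A: route the domain through the "dovecot" pipe service, which
# master.cf runs as vmail. Assumption: example.com is handled as a virtual
# mailbox domain and is no longer listed in mydestination.
virtual_mailbox_domains = example.com
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Option B (instead of A): deliver over LMTP; Dovecot switches to the
# uid/gid returned by userdb, so no per-user system account is involved.
#virtual_transport = lmtp:unix:private/dovecot-lmtp

# ---- /etc/postfix/master.cf (option A, entry as quoted in the thread) -----
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

# ---- /etc/dovecot/dovecot.conf --------------------------------------------
# Both options: every virtual user maps to the one vmail identity, so
# /home/vmail can stay 0700 and no mailbox user joins the vmail group.
userdb {
  driver = static
  args = uid=5000 gid=5000 home=/home/vmail/example.com/%n
}

# Option B only: enable LMTP and expose its socket inside Postfix's chroot.
protocols = imap sieve lmtp
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    user = postfix
    group = postfix
    mode = 0600
  }
}
```

With either option in place, a new delivery should be logged as lda(...) or lmtp(...) without the euid=100(owncloud) permission error shown in the first mail.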