[Dovecot] EUID not changing when delivering to a mailbox
Hello,
I've set up virtual mailboxes and I'm using one uid/gid pair
(mail/mail) to deliver almost all messages. Some accounts I'd like to
have accessible by local Linux accounts as well, so postfix is
delivering them using separate uids (gid stays the same). But I run
into a problem when dovecot auth correctly fetches uid/gid from MySQL
database, but still uses general mail uid to access the mailbox
instead of user uid.
This is what I have in dovecot log:
dovecot: auth(default): client in: AUTH 1 PLAIN service=imap
secured lip=myipaddr rip=myipaddr lport=143
rport=55513
dovecot: auth(default): client out: CONT 1
dovecot: auth(default): client in: CONT<hidden>
dovecot: auth-worker(default): sql(joe@mydomain.com,myipaddr): query:
SELECT CONCAT('/var/mail/', maildir) AS userdb_home, username as user,
password, CONCAT('*:bytes=', quota) AS userdb_quota_rule, uid, gid
FROM mailbox WHERE username = 'joe@mydomain.com' AND active = 1
dovecot: auth(default): client out: OK 1 user=joe@mydomain.com
uid=1000 gid=12
dovecot: auth(default): master in: REQUEST 11 17252 1
dovecot: auth(default): prefetch(joe@mydomain.com,myipaddr): success
dovecot: auth(default): master out: USER 11 joe@mydomain.com
home=/var/mail/mydomain.com/joe/ quota_rule=*:bytes=-1
dovecot: imap-login: Login: user=joe@mydomain.com, method=PLAIN,
rip=myipaddr, lip=myipaddr, TLS
dovecot: IMAP(joe@mydomain.com):
opendir(/var/mail/mydomain.com/joe/Maildir) failed: Permission denied
(euid=8(mail) egid=12(mail) missing +r perm:
/var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(joe@mydomain.com):
stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +x perm:
/var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(joe@mydomain.com):
file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist)
failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm:
/var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(joe@mydomain.com):
opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +r perm:
/var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(joe@mydomain.com):
stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +x perm:
/var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(joe@mydomain.com):
file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist)
failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm:
/var/mail/mydomain.com/joe/Maildir)
ricola dovecot: IMAP(joe@mydomain.com):
opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission
denied (euid=8(mail) egid=12(mail) missing +r perm:
/var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(joe@mydomain.com): Disconnected: Logged out bytes=171/775
My configuration is:
# 1.2.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.36-hardened-r6 x86_64 Gentoo Base System release 2.0.1 ext4
listen: *, [::]
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
first_valid_uid: 8
last_valid_uid: 1999
first_valid_gid: 12
last_valid_gid: 12
mail_privileged_group: mail
mail_uid: 8
mail_gid: 12
mail_location: maildir:/var/mail/%d/%n/Maildir/:INDEX=/var/mail/%d/%n/indexes
lda:
  postmaster_address: postmaster@mydomain.com
  mail_plugins: quota
auth default:
  mechanisms: plain login
  user: nobody
  verbose: yes
  debug: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: prefetch
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: mail
      group: mail
I'm not sure if I got the concept correctly, but I was expecting that
dovecot will use uid from the database. I was not able to find any
relevant information in the archives. If it was explained already in
the past, please send me some keywords that would help me find it.
Thank you, Rastislav Wartiak
On Thu, 2011-02-03 at 07:50 +0100, rastik@tereus.eu wrote:
dovecot: auth-worker(default): sql(joe@mydomain.com,myipaddr): query:
SELECT CONCAT('/var/mail/', maildir) AS userdb_home, username as user,
password, CONCAT('*:bytes=', quota) AS userdb_quota_rule, uid, gid
FROM mailbox WHERE username = 'joe@mydomain.com' AND active = 1
dovecot: auth(default): client out: OK 1 user=joe@mydomain.com
uid=1000 gid=12
It's returning uid and gid to login process as a reply to passdb query. They're ignored by login process.
dovecot: auth(default): master in: REQUEST 11 17252 1
dovecot: auth(default): prefetch(joe@mydomain.com,myipaddr): success
dovecot: auth(default): master out: USER 11 joe@mydomain.com
home=/var/mail/mydomain.com/joe/ quota_rule=*:bytes=-1
They should be here as a reply to userdb query.
So: Prefix uid and gid with userdb_.
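A check for the pattern described in the reply above, as an added example that is not part of the original thread and not Dovecot code: it scans auth debug lines for userdb fields (uid, gid) that come back in the passdb reply ("client out: OK") but are missing from the userdb reply ("master out: USER"), and returns the userdb_ aliases to use in the SQL query. The function names are this example's own, and the sample lines are the thread's log lines with their wrapping rejoined.

```python
import re

# Auth debug lines from the thread above, wrapped lines rejoined.
SAMPLE_LOG = """\
dovecot: auth(default): client out: OK 1 user=joe@mydomain.com uid=1000 gid=12
dovecot: auth(default): master in: REQUEST 11 17252 1
dovecot: auth(default): prefetch(joe@mydomain.com,myipaddr): success
dovecot: auth(default): master out: USER 11 joe@mydomain.com home=/var/mail/mydomain.com/joe/ quota_rule=*:bytes=-1
"""

# userdb fields the mail process needs; they have no effect in a passdb reply.
USERDB_ONLY = {"uid", "gid", "home", "mail"}

PASSDB_OK = re.compile(r"client out: OK \d+ (?P<fields>.*)$")
USERDB_OUT = re.compile(r"master out: USER \d+ (?P<user>\S+)(?P<fields>.*)$")

def parse_fields(text):
    """Split 'k=v k2=v2' into a dict; tokens without '=' are skipped."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def find_misplaced_fields(log_text):
    """Return {user: [fields]} for userdb-only fields seen in the passdb
    reply but absent from the same user's userdb reply."""
    passdb, findings = {}, {}
    for line in log_text.splitlines():
        m = PASSDB_OK.search(line)
        if m:
            fields = parse_fields(m.group("fields"))
            user = fields.pop("user", None)
            if user:
                passdb[user] = fields
            continue
        m = USERDB_OUT.search(line)
        if m and m.group("user") in passdb:
            userdb = parse_fields(m.group("fields"))
            lost = sorted(k for k in passdb[m.group("user")]
                          if k in USERDB_ONLY and k not in userdb)
            if lost:
                findings[m.group("user")] = lost
    return findings

def suggest_aliases(fields):
    """SQL column aliases that the prefetch userdb will pick up."""
    return [f"{name} AS userdb_{name}" for name in fields]

if __name__ == "__main__":
    for user, lost in find_misplaced_fields(SAMPLE_LOG).items():
        print(user, "->", ", ".join(suggest_aliases(lost)))
```

With mail_uid set to a shared account, as in the configuration above, a lost uid means the IMAP process falls back to that shared uid, which is why the log shows euid=8(mail) rather than 1000.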
participants (2)
- rastik@tereus.eu
- Timo Sirainen