[Dovecot] Dsync Permissions Issue
Greetings,
I recently upgraded Dovecot from 1.2 to 2.0.14, for purposes of using Dsync to migrate emails from one server to another. I'm using MySQL for authentication. However, I get this error message when I try to run Dsync, and after looking around for an answer, I'm at a bit of a loss:

[root@triata ~]# dsync -v -u asai@globalchangemusic.org backup ssh -p22222 vmail@xx.xxx.xx.xxx dsync -u asai@globalchangemusic.org
vmail@xx.xxx.xx.xxx's password:
dsync(vmail): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner)
dsync(vmail): Fatal: User lookup failed: Internal error occurred. Refer to server log for more information.
dsync-local(asai@globalchangemusic.org): Error: read() from worker server failed: EOF

Config as follows:

[root@triata ~]# doveconf -n
# 2.0.14: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-92.1.10.el5.xs5.0.0.39xen x86_64 CentOS release 5 (Final) ext3
auth_mechanisms = plain login
mail_home = /vmail/%d/%n/home
mail_location = maildir:/vmail/%d/%n
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
passdb {
  args = /etc/dovecot-mysql.conf
  driver = sql
}
plugin {
  sieve = /vmail/%d/%n/sievescript
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
  user = root
}
ssl_cert = </etc/ssl/triata.globalchangemultimedia.net/mailserver/smtpd.pem
ssl_key = </etc/ssl/triata.globalchangemultimedia.net/mailserver/smtpd.pem
userdb {
  driver = passwd
}
userdb {
  args = /etc/dovecot-mysql.conf
  driver = sql
}
protocol lda {
  hostname = triata.globalchangemultimedia.net
  mail_plugin_dir = /usr/lib64/dovecot/
  mail_plugins = sieve
  postmaster_address = postmaster@globalchangemultimedia.net
}

--
On Wed, 2011-09-14 at 09:04 -0700, Asai wrote:
> [root@triata ~]# dsync -v -u asai@globalchangemusic.org backup ssh -p22222 vmail@xx.xxx.xx.xxx dsync -u asai@globalchangemusic.org
> vmail@xx.xxx.xx.xxx's password:
> dsync(vmail): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner)
> ..
> service auth {
>   unix_listener auth-userdb {
>     group = vmail
>     mode = 0666
>     user = vmail
>   }
>   user = root
> }

So clearly you've given more than necessary permissions in here. 0600 with user=vmail should be enough. But the permission problem isn't on the server where you ran this "doveconf -n". The problem is on your remote server's Dovecot config.
BTW:
> unix_listener auth-master {
>   group = vmail
>   mode = 0660
>   user = vmail
> }

There's no reason to change this from defaults.
Thank you for your assistance, I have changed permissions on the remote server and all is well.
On 9/16/2011 6:09 AM, Timo Sirainen wrote:
> On Wed, 2011-09-14 at 09:04 -0700, Asai wrote:
> > [root@triata ~]# dsync -v -u asai@globalchangemusic.org backup ssh -p22222 vmail@xx.xxx.xx.xxx dsync -u asai@globalchangemusic.org
> > vmail@xx.xxx.xx.xxx's password:
> > dsync(vmail): Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=1001(vmail) egid=1001(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner)
> > ..
> > service auth {
> >   unix_listener auth-userdb {
> >     group = vmail
> >     mode = 0666
> >     user = vmail
> >   }
> >   user = root
> > }
>
> So clearly you've given more than necessary permissions in here. 0600 with user=vmail should be enough. But the permission problem isn't on the server where you ran this "doveconf -n". The problem is on your remote server's Dovecot config.
>
> BTW:
>
> > unix_listener auth-master {
> >   group = vmail
> >   mode = 0660
> >   user = vmail
> > }
>
> There's no reason to change this from defaults.
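
An added example, not part of the thread and not Dovecot's own code: a small Python check that parses `doveconf -n` output and reports which permission bits a `unix_listener` grants beyond the 0600 suggested in the reply above. The function names and the `SAMPLE` text are constructed for illustration; `doveconf -n` prints only non-default settings, so a listener or mode that is not shown yields `None`.

```python
import re

# Constructed sample in `doveconf -n` layout, using the listener values quoted in the thread.
SAMPLE = """\
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0666
    user = vmail
  }
  user = root
}
"""

def unix_listeners(conf_text):
    """Return {listener_name: {key: value}} for every unix_listener block."""
    listeners, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        m = re.match(r"unix_listener\s+(\S+)\s*\{$", line)
        if m:
            current = listeners.setdefault(m.group(1), {})
        elif line == "}":
            current = None  # closes the listener (or an outer block)
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return listeners

def excess_bits(conf_text, name="auth-userdb", wanted=0o600):
    """Permission bits set on listener `name` beyond `wanted`; None if its mode is not shown."""
    mode = unix_listeners(conf_text).get(name, {}).get("mode")
    return None if mode is None else int(mode, 8) & ~wanted & 0o777

if __name__ == "__main__":
    extra = excess_bits(SAMPLE)
    print("auth-userdb excess bits:", "n/a" if extra is None else oct(extra))
```

To audit a live host, pass the text of `doveconf -n` from that host (here, the remote server the reply points to) instead of `SAMPLE`.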
participants (2): Asai, Timo Sirainen