[Dovecot] Dovecot 2.0 auth socket error
Hi Timo,
OK, when dovecot starts up, it creates the socket files in /usr/local/var/run/dovecot for the auth and a variety of other socket stuff you have going on. It creates these socket files with root ownership.
But I have in the config files that dovecot is running as a particular user (in this case uid100 and gid100) to match the global mail systems needs.
I use qmail as the delivery agent, and when qmail invokes deliver, I get the following errors in the qmail log files:
@400000004c1b18f22ea7a05c delivery 1497: deferral: lda:_Error:_userdb_lookup:_connect(/usr/local/var/run/dovecot/auth-userdb)_failed:_Permission_denied_(euid=100(sn)_egid=100(sn)_missing_+w_perm:_/usr/local/var/run/dovecot/auth-userdb,_euid_is_not_dir_owner)/lda:_Fatal:_Internal_error_occurred._Refer_to_server_log_for_more_information./
Now, from what I can tell, this is complaining that the socket doesn't have write permission for the group, because it is owned by root and created with only 600 permissions...I can chmod the file to add the rw for the group, and then it appears to start working ok, but if I stop and start dovecot, it will only re-create those files with the 600 permissions...
It appears that this is not happening in the version 1.2.11 code base, as this machine is a new one that I am testing the 2.0 code on...
Am I missing a proper setting somewhere?
here is my dovecot -l :
# 2.0.beta6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.0-RELEASE-p3 i386
auth_username_format = %Lu
auth_username_translation = %@
auth_verbose = yes
disable_plaintext_auth = no
dotlock_use_excl = yes
first_valid_uid = 100
listen = *
lock_method = dotlock
log_path = /local/logs/dovecot.errors
mail_gid = 100
mail_location = maildir:%h/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_uid = 100
mmap_disable = yes
passdb {
  args = /bin/checkpassword_dovecot_auth
  driver = checkpassword
}
plugin {
  quota = maildir
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/Maildir/sieve
}
protocols = imap pop3 managesieve
quota_full_tempfail = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /bin/checkpassword_dovecot_deliver
  driver = checkpassword
}
verbose_proctitle = yes
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  mail_plugins = quota sieve
}
protocol imap {
  mail_plugins = quota imap_quota
}
Thanks,
Tim.
On Fri, 2010-06-18 at 01:11 -0700, Tim Traver wrote:
Now, from what I can tell, this is complaining that the socket doesn't have write permission for the group, because it is owned by root and created with only 600 permissions...I can chmod the file to add the rw for the group, and then it appears to start working ok, but if I stop and start dovecot, it will only re-create those files with the 600 permissions...
example-config/conf.d/10-master.conf:
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user =
    #group =
  }
..
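As an added example (not part of Timo's reply or of the Dovecot example config), the uncommented form of that block for the setup described in the first message: the socket stays root-owned, but the group is widened to the mail group so deliver running as euid/egid 100 can connect. The group name `sn` is taken from the qmail log line (`euid=100(sn) egid=100(sn)`) and is assumed to be the only account that runs deliver.

```conf
# conf.d/10-master.conf (added example, not the project's own file)
service auth {
  unix_listener auth-userdb {
    # Keep root as owner; only the mail group gets read/write on the socket.
    # Use 0660, not 0666: anyone who can open this socket can list every
    # username and read everyone's userdb lookup results, so it must not be
    # world-accessible on a multi-user host.
    mode = 0660
    user = root
    group = sn
  }
}
```

After restarting dovecot, `ls -l /usr/local/var/run/dovecot/auth-userdb` should show `srw-rw----` with owner root and group sn; because the mode is now set in the configuration, the permissions survive a stop/start, which the manual chmod in the first message did not.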
On Fri, Jun 18, 2010 at 5:04 PM, Timo Sirainen <tss@iki.fi> wrote:
On Fri, 2010-06-18 at 01:11 -0700, Tim Traver wrote:
Now, from what I can tell, this is complaining that the socket doesn't have write permission for the group, because it is owned by root and created with only 600 permissions...I can chmod the file to add the rw for the group, and then it appears to start working ok, but if I stop and start dovecot, it will only re-create those files with the 600 permissions...
example-config/conf.d/10-master.conf:
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user =
    #group =
  }
..
How do I upgrade from beta4 to beta6?? Some option to merge configs easily?
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
"If you have nothing good to say about someone, just shut up!." -- Lucky Dube
On Fri, 2010-06-18 at 19:01 +0300, Odhiambo Washington wrote:
How do I upgrade from beta4 to beta6?? Some option to merge configs easily?
Merge what? The configs are basically the same. See beta5 and beta6 release announcements for the couple of differences (which probably won't even affect your config).
On Fri, Jun 18, 2010 at 7:03 PM, Timo Sirainen <tss@iki.fi> wrote:
On Fri, 2010-06-18 at 19:01 +0300, Odhiambo Washington wrote:
How do I upgrade from beta4 to beta6?? Some option to merge configs easily?
Merge what? The configs are basically the same. See beta5 and beta6 release announcements for the couple of differences (which probably won't even affect your config).
I tried my config files from beta4 on beta6 and I started getting complaints related to the files whose names begin with numbers. Anyway, I will indulge with the configs and write new ones. I think I need to allocate time to read everything/comment in the files to figure out why I could not simply have my files from beta4 working.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223
"If you have nothing good to say about someone, just shut up!." -- Lucky Dube
On Fri, 2010-06-18 at 22:59 +0300, Odhiambo Washington wrote:
I tried my config files from beta4 on beta6 and I started getting complaints related to the files whose names begin with numbers. Anyway, I will indulge with the configs and write new ones. I think I need to allocate time to read everything/comment in the files to figure out why I could not simply have my files from beta4 working.
Or you could have copy&pasted the error messages into your mail and I would have told you.