[Dovecot] auth_socket_path permissions
Hello, I'm using dovecot 1.0 under debian etch.
The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied
I suppose deliver is run as the dovecot user. I read about running deliver as root with the suid bit set. I'm not quite sure if this is a good solution. Is there any other way? The wiki says: "Most MTAs won't let you run deliver as root, so for now you'll need to make it setuid root. However deliver isn't designed to be run as setuid-root"
My MTA is postfix, does someone know if postfix lets me run deliver as root? If not, should I go to the setuid option?
Thank you.
-- Adrián Ribao Martínez
On 5/22/2008, Adrián Ribao Martínez (aribao@gmail.com) wrote:
> The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
> But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied
Please provide full dovecot -n output, not snips from config files (dovecot may not be using the setting you think it is)...
--
Best regards,
Charles
On Thursday, 22 May 2008, Charles Marcus wrote:
> On 5/22/2008, Adrián Ribao Martínez (aribao@gmail.com) wrote:
>> The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
>> But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied
> Please provide full dovecot -n output, not snips from config files (dovecot may not be using the setting you think it is)...
Here you go:

# /etc/dovecot/dovecot.conf
Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: pop3 imap
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_extra_groups: mail
mail_access_groups: mail
mail_location: mbox:~/mail/%n:INBOX=~/mail/%n/%n
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
  realms: adrima.es universoheroes.com
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 438
      user: postfix
      group: postfix
    master:
-- Adrián Ribao Martínez
Hi.
--On Thursday, May 22, 2008 02:32:06 PM +0200 Adrián Ribao Martínez aribao@gmail.com wrote:
> The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
If you need the auth socket only for one user, just set the correct permissions.
Postfix can run the deliver process as the dovecot user. For more info see http://wiki.dovecot.org/LDA/Postfix.
> My MTA is postfix, does someone know if postfix lets me run deliver as root? If not, should I go to the setuid option?
It depends on your setup, I guess. Another feasible option might be using filesystem ACLs for the auth socket.
Greetings,
Jens
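Added example, not part of the thread: a Python check for the kind of "Permission denied" on the auth socket discussed above. It reports the first directory on the way to the socket that denies a given user search permission, or the socket itself if that user cannot write to it. It assumes Linux semantics and plain mode bits (no ACLs); the function names and the `base` parameter are hypothetical.

```python
import os
import stat

def allowed(st, uid, gids, want):
    """Mode-bit check only: ignores ACLs and root's override."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 0o7      # owner bits
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 0o7      # group bits
    else:
        bits = st.st_mode & 0o7             # other bits
    return (bits & want) == want

def first_denied(sock_path, uid, gids, base="/"):
    """Return (path, octal_mode) of the first component that blocks
    connect() for uid/gids, or None if the mode bits allow it.
    Every directory from base down needs x; the socket needs w.
    base must be an ancestor of sock_path (assumption)."""
    sock_path = os.path.abspath(sock_path)
    base = os.path.abspath(base)
    rel = os.path.relpath(os.path.dirname(sock_path), base)
    current, dirs = base, [base]
    for part in ([] if rel == "." else rel.split(os.sep)):
        current = os.path.join(current, part)
        dirs.append(current)
    for d in dirs:
        st = os.stat(d)
        if not allowed(st, uid, gids, 0o1):
            return d, oct(stat.S_IMODE(st.st_mode))
    st = os.stat(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{sock_path} is not a socket")
    if not allowed(st, uid, gids, 0o2):
        return sock_path, oct(stat.S_IMODE(st.st_mode))
    return None

if __name__ == "__main__":
    # Usage: script.py SOCKET_PATH USERNAME  (run with enough rights to stat the path)
    import pwd
    import sys
    user = pwd.getpwnam(sys.argv[2])
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    print(first_denied(sys.argv[1], user.pw_uid, groups))
```

The `mode: 438` shown in the `dovecot -n` output is decimal for octal 0666, so a denial can come from a parent directory even when the socket itself is world-writable.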
participants (3)
- Adrián Ribao Martínez
- Charles Marcus
- Jens Dönhoff