[Dovecot] auth_socket_path permissions
Hello, I'm using dovecot 1.0 under debian etch.
The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied
I suppose deliver is run as the dovecot user. I read about running deliver as root with the suid bit set. I'm not quite sure if this is a good solution. Is there any other way? The wiki says: "Most MTAs won't let you run deliver as root, so for now you'll need to make it setuid root. However deliver isn't designed to be run as setuid-root"
My MTA is postfix, does someone know if postfix lets me run deliver as root? If not, should I go to the setuid option?
Thank you.
-- Adrián Ribao Martínez
On 5/22/2008, Adrián Ribao Martínez (aribao@gmail.com) wrote:
> The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
> But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied
Please provide full dovecot -n output, not snips from config files (dovecot may not be using the setting you think it is)...
--
Best regards,
Charles
El Jueves, 22 de Mayo de 2008, Charles Marcus escribió:
> On 5/22/2008, Adrián Ribao Martínez (aribao@gmail.com) wrote:
>> The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
>> But this gives me the error: net_connect(/var/spool/postfix/private/auth) failed: Permission denied
> Please provide full dovecot -n output, not snips from config files (dovecot may not be using the setting you think it is)...
Here you go:

# /etc/dovecot/dovecot.conf
Warning: mail_extra_groups setting was often used insecurely so it is now deprecated, use mail_access_groups or mail_privileged_group instead
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: pop3 imap
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_extra_groups: mail
mail_access_groups: mail
mail_location: mbox:~/mail/%n:INBOX=~/mail/%n/%n
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
  realms: adrima.es universoheroes.com
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 438
      user: postfix
      group: postfix
    master:
-- Adrián Ribao Martínez
Hi.
--On Thursday, May 22, 2008 02:32:06 PM +0200 Adrián Ribao Martínez <aribao@gmail.com> wrote:
> The lda socket path is set to: auth_socket_path = /var/spool/postfix/private/auth
If you need the auth socket only for one user, just set the correct permissions.
Postfix can run the deliver process as the dovecot user. For more info see <http://wiki.dovecot.org/LDA/Postfix>.
> My MTA is postfix, does someone know if postfix lets me run deliver as root? If not, should I go to the setuid option?
It depends on your setup, I guess. Another feasible option might be using filesystem ACLs for the auth socket.
Greetings,
Jens
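
A permission walk for the socket path discussed in this thread, as an added example that is not part of any poster's message or of Dovecot: it reports the first path component that would make connect() fail with "Permission denied" for a given uid. The uids, the 0700 mode on `private`, and the names `Node` and `first_denial` are assumptions constructed for illustration; filesystem ACLs are not modelled.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the walk can run on constructed data.
Node = namedtuple("Node", "st_mode st_uid st_gid")

def _allowed(st, uid, gids, want):
    """Owner/group/other check; `want` is an rwx bit mask (x=1, w=2, r=4)."""
    if uid == 0:
        return True
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return (st.st_mode >> shift) & want == want

def first_denial(path, uid, gids, stat_fn=os.stat):
    """Return (component, reason) for the first block on connect(), else None."""
    current = ""
    for name in path.strip("/").split("/")[:-1]:
        current += "/" + name
        # Every parent directory must grant search (x) permission.
        if not _allowed(stat_fn(current), uid, gids, 0o1):
            return current, "no search permission on directory"
    st = stat_fn(path)
    if not stat.S_ISSOCK(st.st_mode):
        return path, "not a socket"
    # Connecting to a Unix socket requires write permission on it.
    if not _allowed(st, uid, gids, 0o2):
        return path, "no write permission on socket"
    return None

# Constructed layout (assumed, not read from the poster's system):
# uid/gid 89 = postfix, uid/gid 106 = dovecot.
SOCKET_MODE = 438  # decimal, as printed by dovecot -n; equals 0o666
AUTH = "/var/spool/postfix/private/auth"
SAMPLE = {
    "/var": Node(stat.S_IFDIR | 0o755, 0, 0),
    "/var/spool": Node(stat.S_IFDIR | 0o755, 0, 0),
    "/var/spool/postfix": Node(stat.S_IFDIR | 0o755, 0, 0),
    "/var/spool/postfix/private": Node(stat.S_IFDIR | 0o700, 89, 0),
    AUTH: Node(stat.S_IFSOCK | SOCKET_MODE, 89, 89),
}

if __name__ == "__main__":
    for label, uid in (("postfix", 89), ("dovecot", 106)):
        print(label, first_denial(AUTH, uid, {uid}, SAMPLE.__getitem__))
```

On a live host, call `first_denial(path, uid, gids)` with the default `stat_fn` and the uid and groups that deliver actually runs as.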
participants (3): Adrián Ribao Martínez, Charles Marcus, Jens Dönhoff