[Dovecot] dovecot transaction log permissions
So after some problems with NFS and transaction logs getting corrupted. Im tyring out storing them localy. via..
mail_location: maildir:~/Maildir:INDEX=/var/dovecot/indexes/%u
the problem is with a large amount of users.. the indexes dir becomes huge with this setup. So a change to make this better is...
mail_location: maildir:~/Maildir:INDEX=/var/dovecot/indexes/%d/%n
to seperate the users dir's into domains. What seems to happen is dovecot creates the index's folder automaticly and its owned by that user.. eg..
drwx------ 3 10651674 2598184 4096 2010-06-02 19:08 domain.com
this makes it so no other user of domain.com can get their transaction logs created cause the dir is owned by another user at that domain. Is there anyway around this? I see there used to be a umask option but that is gone in 1.2.x.
-- Jordan Tardif DreamHost
On Wed, Jun 2, 2010 at 7:12 PM, Jordan Tardif jordan@hq.newdream.net wrote:
So after some problems with NFS and transaction logs getting corrupted. Im tyring out storing them localy. via..
mail_location: maildir:~/Maildir:INDEX=/var/dovecot/indexes/%u
the problem is with a large amount of users.. the indexes dir becomes huge with this setup. So a change to make this better is...
mail_location: maildir:~/Maildir:INDEX=/var/dovecot/indexes/%d/%n
to seperate the users dir's into domains. What seems to happen is dovecot creates the index's folder automaticly and its owned by that user.. eg..
drwx------ 3 10651674 2598184 4096 2010-06-02 19:08 domain.com
this makes it so no other user of domain.com can get their transaction logs created cause the dir is owned by another user at that domain. Is there anyway around this? I see there used to be a umask option but that is gone in 1.2.x.
Why not split it up a bit more? I use something like this:
INDEX=/var/dovecot/Indexes/%2Mu/%2.2Mu/%u
That keeps directories from ever getting big, though at the cost of a lot of inodes.
BTW, that's an impressively large UID and GID :)
On Wed, Jun 2, 2010 at 7:12 PM, Jordan Tardif jordan@hq.newdream.net wrote:
So after some problems with NFS and transaction logs getting corrupted. Im tyring out storing them localy. via..
mail_location: maildir:~/Maildir:INDEX=/var/dovecot/indexes/%u
the problem is with a large amount of users.. the indexes dir becomes huge with this setup. So a change to make this better is...
mail_location: maildir:~/Maildir:INDEX=/var/dovecot/indexes/%d/%n
to seperate the users dir's into domains. What seems to happen is dovecot creates the index's folder automaticly and its owned by that user.. eg..
drwx------ 3 10651674 2598184 4096 2010-06-02 19:08 domain.com
this makes it so no other user of domain.com can get their transaction logs created cause the dir is owned by another user at that domain. Is there anyway around this? I see there used to be a umask option but that is gone in 1.2.x.
Why not split it up a bit more? I use something like this:
INDEX=/var/dovecot/Indexes/%2Mu/%2.2Mu/%u
That keeps directories from ever getting big, though at the cost of a lot of inodes.
BTW, that's an impressively large UID and GID :)
Well that what I planned doing but there are permissions issues with the dir's created when doing this.
a36:/var/dovecot/indexes# ls -al total 592 drwxrwxrwx 3 dhmail dhmail 593920 2010-06-03 11:55 . drwxr-xr-x 3 dhmail dhmail 4096 2010-06-02 19:02 .. drwx------ 3 mailtest nogroup 4096 2010-06-03 11:55 d5 a36:/var/dovecot/indexes# ls -al d5/ total 592 drwx------ 3 mailtest nogroup 4096 2010-06-03 11:55 . drwxrwxrwx 3 dhmail dhmail 593920 2010-06-03 11:55 .. drwx------ 3 mailtest nogroup 4096 2010-06-03 11:55 26
The first dir is created with the fist user to connect, making it not possible for the next user to create a dir in there since he has another uid. resulting in an error like..
/var/dovecot/indexes/d5/26/othertestuser/.INBOX) failed: Permission denied (euid=10464950(othertestuser) egid=othergroup(162776) missing +x perm: /var/dovecot/indexes/d5
So kinda makes it impossible to put them in any sort of organized dir structure unless they all have the same uid... unless im missing something here.
-- Jordan Tardif
On ke, 2010-06-02 at 19:12 -0700, Jordan Tardif wrote:
drwx------ 3 10651674 2598184 4096 2010-06-02 19:08 domain.com
this makes it so no other user of domain.com can get their transaction logs created cause the dir is owned by another user at that domain. Is there anyway around this? I see there used to be a umask option but that is gone in 1.2.x.
Here's a fix for v2.0: http://hg.dovecot.org/dovecot-2.0/rev/0dfd28b930b3
But for v1.2 you'd just have to create those directories manually or maybe with a postlogin script http://wiki.dovecot.org/PostLoginScripting (but that doesn't work if you use deliver).
On ke, 2010-06-02 at 19:12 -0700, Jordan Tardif wrote:
drwx------ 3 10651674 2598184 4096 2010-06-02 19:08 domain.com
this makes it so no other user of domain.com can get their transaction logs created cause the dir is owned by another user at that domain. Is there anyway around this? I see there used to be a umask option but that is gone in 1.2.x.
Here's a fix for v2.0: http://hg.dovecot.org/dovecot-2.0/rev/0dfd28b930b3
But for v1.2 you'd just have to create those directories manually or maybe with a postlogin script http://wiki.dovecot.org/PostLoginScripting (but that doesn't work if you use deliver).
Ah Thank you much sir! Looking forward to the 2.0 final release!
-- Jordan Tardif DreamHost
participants (3)
-
Jordan Tardif
-
Mark Moseley
-
Timo Sirainen