'doveadm expunge' with -A and userdb { driver = passwd }
I'm expunging mail in my crontab like this:
doveadm search -u user1 mailbox INBOX.Trash savedbefore 30d doveadm search -u user2 mailbox INBOX.Trash savedbefore 30d doveadm search -u user3 mailbox INBOX.Trash savedbefore 30d ...
I'd rather do this:
doveadm search -A mailbox INBOX.Trash savedbefore 30d
but I'm told not to:
"If the -A option is present, the command will be performed for all users. Using this option in combination with system users from userdb { driver = passwd } is not recommended, because it contains also users with a lower UID than the one configured with the first_valid_uid setting."
I'm using userdb { driver = passwd-file } but I'm guessing that's the same thing. Am I understanding this correctly?
- Grant
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 31 Aug 2015, Grant wrote:
doveadm search -A mailbox INBOX.Trash savedbefore 30d
but I'm told not to:
"If the -A option is present, the command will be performed for all users. Using this option in combination with system users from userdb { driver = passwd } is not recommended, because it contains also users with a lower UID than the one configured with the first_valid_uid setting."
I'm using userdb { driver = passwd-file } but I'm guessing that's the same thing. Am I understanding this correctly?
Which passwd-file do you use? Does this file contains any users, which uid is lower than first_valid_uid?
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVeVHrnz1H7kL/d9rAQIQlAf/XDInanijWJPkwLTGsoIE4ibxLAJx98Zr KCOKTImdYfKE7M3DW6RhSiGod5j4nckbJnEjT9wBF1rRltJq/UO2yZfdhVu4Hj9X py/AMw9d3h1wd4grwl1ciSDXcI2e8Z9sdpwKn/Gwn45jLb/6pEQPFFmU8S5p0nv9 fTMOs6NNBD1G7vQdZyu4Z6qbXeLtiBq1XTwzBeQ3dysSeOBfpzApVlCjr2CYbrdR g7nshg/LBA8ZFD2Jd4r71kyFVRkxDcc03/C0StamSF+ay4tYc8VXo31NknqCcCuM +3fzufyQ9S+rFumpEp20XQjkyjFMBsWbpP3ebLsnVPGrIPhQpBy2Dg== =NyT3 -----END PGP SIGNATURE-----
doveadm search -A mailbox INBOX.Trash savedbefore 30d
but I'm told not to:
"If the -A option is present, the command will be performed for all users. Using this option in combination with system users from userdb { driver = passwd } is not recommended, because it contains also users with a lower UID than the one configured with the first_valid_uid setting."
I'm using userdb { driver = passwd-file } but I'm guessing that's the same thing. Am I understanding this correctly?
Which passwd-file do you use? Does this file contains any users, which uid is lower than first_valid_uid?
Here's what my Gentoo-default auth-passwdfile.conf.ext says:
passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users }
But I don't have an /etc/dovecot/users file. I also don't seem to have any mail user uid lower than 1000, but I do have some users above 1000 which aren't mail users (nobody, etc).
- Grant
Le 2 sept. 2015 à 14:55, Grant a écrit :
[…] Here's what my Gentoo-default auth-passwdfile.conf.ext says:
passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users }
But I don't have an /etc/dovecot/users file. I also don't seem to have any mail user uid lower than 1000, but I do have some users above 1000 which aren’t mail users (nobody, etc).
Hello Grant,
So as to avoid any ambiguity, could you post the output of "doveconf -n"?
Axel
[…] Here's what my Gentoo-default auth-passwdfile.conf.ext says:
passdb { driver = passwd-file args = scheme=CRYPT username_format=%u /etc/dovecot/users } userdb { driver = passwd-file args = username_format=%u /etc/dovecot/users }
But I don't have an /etc/dovecot/users file. I also don't seem to have any mail user uid lower than 1000, but I do have some users above 1000 which aren’t mail users (nobody, etc).
Hello Grant,
So as to avoid any ambiguity, could you post the output of "doveconf -n"?
Sure, here it is:
# doveconf -n # 2.2.16: /etc/dovecot/dovecot.conf # OS: Linux x86_64 Gentoo Base System release 2.2 listen = 127.0.0.1 mail_location = maildir:~/.maildir namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = INBOX. separator = . } passdb { args = * driver = pam } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } protocols = imap service imap-login { inet_listener imap { port = 143 } } ssl_cert =
- Grant
Le 4 sept. 2015 à 06:19, Grant a écrit :
[…]
But I don't have an /etc/dovecot/users file. I also don't seem to have any mail user uid lower than 1000, but I do have some users above 1000 which aren’t mail users (nobody, etc).
Hello Grant,
So as to avoid any ambiguity, could you post the output of "doveconf -n"?
Sure, here it is:
# doveconf -n # 2.2.16: /etc/dovecot/dovecot.conf # OS: Linux x86_64 Gentoo Base System release 2.2 listen = 127.0.0.1 mail_location = maildir:~/.maildir […] passdb { args = * driver = pam } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } […] userdb { driver = passwd } userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file }
Thank you, Grant.
It thus appears that your server is configured to make use of system users, for both user authentication and user lookup. That you don’t have a /etc/dovecot/users file just means that the system is the only source for user information.
You may find more details at http://wiki2.dovecot.org/Authentication/MultipleDatabases.
And yes, the warning about doveadm’s -A option thus appears to be relevant in your case.
HTH, Axel
But I don't have an /etc/dovecot/users file. I also don't seem to have any mail user uid lower than 1000, but I do have some users above 1000 which aren’t mail users (nobody, etc).
Hello Grant,
So as to avoid any ambiguity, could you post the output of "doveconf -n"?
Sure, here it is:
# doveconf -n # 2.2.16: /etc/dovecot/dovecot.conf # OS: Linux x86_64 Gentoo Base System release 2.2 listen = 127.0.0.1 mail_location = maildir:~/.maildir […] passdb { args = * driver = pam } passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } […] userdb { driver = passwd } userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file }
Thank you, Grant.
It thus appears that your server is configured to make use of system users, for both user authentication and user lookup. That you don’t have a /etc/dovecot/users file just means that the system is the only source for user information.
You may find more details at http://wiki2.dovecot.org/Authentication/MultipleDatabases.
And yes, the warning about doveadm’s -A option thus appears to be relevant in your case.
In that case it sounds like my best options would be to either continue expunging old mail with a separate line for each user or switch to /etc/dovecot/users for user lookup and maintain a list of mail users there so I can use doveadm -A. How can I switch to /etc/dovecot/users?
- Grant
Le 4 sept. 2015 à 19:38, Grant emailgrant@gmail.com a écrit : […]
And yes, the warning about doveadm’s -A option thus appears to be relevant in your case.
In that case it sounds like my best options would be to either continue expunging old mail with a separate line for each user or switch to /etc/dovecot/users for user lookup and maintain a list of mail users there so I can use doveadm -A. How can I switch to /etc/dovecot/users?
Note that the warning may be obsolete for recent versions of Dovecot, in the sense that (IIRC) doveadm’s iteration upon system users might honor the first_valid_uid (and last_valid_uid) settings since several years now.
A quick look at the code tends to show this is indeed the case; of course, only Timo could tell for sure. ;-)
Should it be the case, and provided you are running a sufficiently recent version of Dovecot, you could just explicitly set those values in your configuration file, in accordance to the uids you have allocated to your mail users.
HTH, Axel
participants (3)
-
Axel Luttgens
-
Grant
-
Steffen Kaiser