[Dovecot] Dovecot on FC3 with Active Directory authentication

Jeff Ramsey ramsejc at tubafor.com
Sun Oct 9 01:04:18 EEST 2005


On Oct 08, 2005, at 10:41 AM, Ignacio Vazquez-Abrams wrote:

> On Fri, 2005-10-07 at 11:23 -0700, Jeff Ramsey wrote:
>
>> On Oct 06, 2005, at 11:16 AM, Ignacio Vazquez-Abrams wrote:
>>
>>
>>> On Thu, 2005-10-06 at 10:28 -0700, Jeff Ramsey wrote:
>>>
>>>
>>>> /etc/pam.d/ssh, /etc/pam.d/login, and /etc/pam.d/gdm all have a line
>>>> calling mkhomedir.so, which is using the /etc/skel home directory
>>>> skeleton to create the user's home dir upon successful login,
>>>> however, when I add that line to /etc/pam.d/dovecot, I get a
>>>> permission denied error in /var/log/maillog. I'm assuming this is
>>>> because dovecot is running as the user at this point, and therefore
>>>> does not have the necessary permissions to create a folder under
>>>> /home/DOMAIN/, which is where the home dir is supposed to be. If I
>>>> manually create the folder, and set its permissions, or if the user
>>>> logs in via any of the before-mentioned methods, dovecot and sendmail
>>>> work great.
>>>>
>>>>
>>>
>>> Which section did you add it to?
>>>
>>
>> Here is my /etc/pam.d/dovecot:
>>
>
> Based on what I've been able to find on the web it appears that your
> conjecture is correct. The dovecot daemon simply doesn't have the proper
> permissions to create the home directory.
>
> AFAICT the only way to really fix this is to set the permissions
> on /home to 0777, which of course has security repercussions of its
> own. You could also write a daemon that creates home directories when a
> new user is created, but I don't know enough about your environment to
> give a starting point.
>

Thanks for assuring me that I was not losing my mind.

I'll study up on writing such a daemon. If I write a script that is
called from /etc/pam.d/dovecot, then uses 'su' to become a non-root
user with write permissions to /home, this seems like the best way to
do this, correct? Or are you suggesting that I write an actual daemon
that runs and waits for the users to log in, and then creates the home
dir?

I've done the former once or twice, but never the latter. It may be  
above my knowledge of Linux shell scripting. (Maybe another reason to  
buy a new shell scripting book...)

Thanks again,

Jeff Ramsey
MIS Administrator
Tubafor Mill, Inc.
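
The provisioning alternative raised in the quoted reply, as an added example that is not part of the original thread: a helper run by a root-owned job that creates one home directory from a skeleton, so /home never needs to be world-writable. `make_home`, its arguments and the demo paths are hypothetical; for this thread's layout the base would be /home/DOMAIN and the skeleton /etc/skel.

```shell
#!/bin/sh
# Added example: make_home and its arguments are hypothetical names.
# Run by a root provisioning job; /home itself stays root-owned, mode 0755.
make_home() {
    base=$1 skel=$2 user=$3 uid=$4 gid=$5

    # Reject names that could leave $base or be parsed as options.
    case $user in
        ''|.*|-*|*[!A-Za-z0-9._-]*) echo "bad user name" >&2; return 2 ;;
    esac
    for n in "$uid" "$gid"; do
        case $n in ''|*[!0-9]*) echo "bad uid/gid" >&2; return 2 ;; esac
    done

    home=$base/$user
    # Never reuse an existing path: a pre-planted directory or symlink
    # would redirect the copy and the chown below.
    if [ -e "$home" ] || [ -L "$home" ]; then
        echo "already exists: $home" >&2; return 1
    fi

    # mkdir without -p fails if the path appeared since the check above.
    ( umask 077 && mkdir "$home" ) || return 1
    # Copy the skeleton's contents (dotfiles included); -P keeps symlinks
    # as symlinks instead of following them.
    cp -R -P -p "$skel"/. "$home"/ || return 1
    # Only root can give files away; -h changes links, not their targets.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R -h "$uid:$gid" "$home" || return 1
    fi
    # cp -p may have copied the skeleton's mode onto $home; tighten it.
    chmod 700 "$home"
}

# Constructed demo in a scratch directory; no real /home is touched.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/home" "$t/skel" && echo 'umask 077' > "$t/skel/.profile"
    make_home "$t/home" "$t/skel" jdoe "$(id -u)" "$(id -g)" && echo "created jdoe"
    make_home "$t/home" "$t/skel" ../etc 0 0 || echo "traversal rejected"
    make_home "$t/home" "$t/skel" jdoe 0 0 || echo "existing path refused"
    rm -rf "$t"
}
demo
```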