[Dovecot] Ubuntu, Exim, deliver: permissions/setgid problem

Sam Hathaway list.dovecot at munkynet.org
Fri Jan 26 04:01:43 UTC 2007


Hello all,

I have a little problem. I'm trying to set up Dovecot deliver (1.0 beta
3) as the LDA for Exim4 on Ubuntu 6.06 with MBOX, and I'm running into
permissions problems. Exim typically wants to run pipes as the user to
whom the mail is being delivered (as per the "check_local_user").
deliver needs access to the auth socket and needs to be able to create
files in /var/mail.

In Ubuntu, /var/mail is writeable by group mail, but not by others. So I
thought I'd make deliver run as the user to whom the mail is being
delivered (as per default) and with group "mail" (so it can create files
in /var/mail). I also set the auth socket to be group-writeable and gave
it the group mail. So theoretically, deliver should be able to:

- connect to the socket
- create dotfiles in /var/mail
- write to the user's mailbox

The problem I'm running into is that deliver tries to setgid to the
primary group of the target user, and dies when it can't. I specifically
do NOT want it to do this, because regular users don't have permission
to write to /var/mail.

I've also tried making deliver SUID root (as recommended on this list)
or SGID mail (like procmail is) but I get the same error. If I also
disable the "group = mail" line in the dovecot_deliver_user router in
exim4.conf, I still get the same error.

If I disable the "group = mail" line without making deliver SUID or
SGID, then it can no longer connect to the auth socket. In this case it
runs with the group of the user for whom the mail is being delivered,
i.e. sam-adm (#10000).

I've also tried adding "user = mail" to the transport, to no avail.

The ONE way I've been able to make it work is to remove "group = mail"
from exim4.conf and set the socket's mode to 0666, but I've seen
warnings that allowing world-access to the socket is dangerous.

I'm actually not sure why this works, since in this case it's running
with both the UID and GID of the target user, and therefore shouldn't be
able to create files in /var/mail.

Can anyone untangle this for me? From what I've read, in Debian delivery
agents should run with group "mail" (procmail is SGID mail). It seems to
me that the way to go is to spawn it with group mail, allow group mail
access to the auth socket, and be done with it. But this is prevented
from working since it insists on resetting back to the user's primary group.

Thanks,
Sam Hathaway

The relevant section of my dovecot.conf looks like this:

protocol lda {
 postmaster_address = postmaster@uofr.net
 log_path = /var/log/dovecot-lda.log
}

auth default {
 mechanisms = plain
 socket listen {
   master {
     path = /var/run/dovecot-auth-master
     mode = 0660
     group = mail
   }
 }
 # ... (other auth config directives here)
}

And the relevant parts of my exim4.conf are as follows:

# in router section:
local_user:
 debug_print = "R: local_user for $local_part@$domain"
 driver = accept
 domains = +local_domains
 check_local_user
 local_part_suffix = +*
 local_part_suffix_optional
 local_parts = ! root
 transport = dovecot_deliver_user

# in transport section:
dovecot_deliver_user:
 debug_print = "T: pipe for $local_part@$domain"
 driver = pipe
 command = /usr/lib/dovecot/deliver -d $local_part
 message_prefix =
 message_suffix =
 log_output
 delivery_date_add
 envelope_to_add
 return_path_add
 group = mail

Here are the permissions on some interesting files/dirs:

-rwxr-xr-x 1 root    mail 551424 2006-11-22 21:59 /usr/lib/dovecot/deliver
drwxrwsr-t 2 root    mail   1024 2007-01-25 14:14 /var/mail
-rw-rw---- 1 sam-adm mail    544 2007-01-25 15:58 /var/mail/sam-adm
srw-rw---- 1 root    mail      0 2007-01-25 15:39 /var/run/dovecot-auth-master

And here's how I've been testing:

echo "test" | mail -s "deliver test" sam-adm

When I execute the above command, exim says:

2007-01-25 15:55:01 1HABcb-0006h4-N8 <= sam-adm@vps.uofr.net U=sam-adm P=local S=334
2007-01-25 15:55:02 1HABcb-0006h4-N8 ** sam-adm@vps.uofr.net R=local_user T=dovecot_deliver_user: Child process of dovecot_deliver_user transport returned 89 from command: /usr/lib/dovecot/deliver
2007-01-25 15:55:02 1HABcb-0006h4-N8 Completed

And deliver says:

deliver: "2007-01-25 15:55:02 "Fatal: setgid(10000) failed: Operation not permitted
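To see which of the setups above the kernel itself rules out, here is a small C program (an added example; it is not from the post, nor Dovecot's or Exim's own code). It encodes the Linux setgid(2) rule for an unprivileged process (the target gid must equal the real gid or the saved set-gid; the effective gid alone does not count) and, when built and run, prints the credentials it was started with and tries a setgid() to the gid given on the command line, so it can be dropped in as the command of a test pipe transport in place of deliver. The gid values 8 for mail and 10000 for sam-adm are assumptions (10000 from the logged error, 8 from Debian's default /etc/group), and treating euid 0 as "has CAP_SETGID" is a simplification. Where the rule says a call is permitted but deliver still fails, the cause lies in what deliver does before or instead of that call, which this program does not model.

```c
/* setgid_check.c -- added example, not code from the post, Dovecot or Exim.
 * Encodes the kernel rule behind "setgid(10000) failed: Operation not
 * permitted" and, run stand-alone, reports the caller's credentials and
 * tries the setgid() for real, so it can stand in for deliver as the
 * command of a test pipe transport. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed ids for the setups in the post: "mail" is gid 8 on
 * Debian/Ubuntu (assumption, check /etc/group); sam-adm is gid 10000 as in
 * the logged error. */
#define GID_MAIL   8
#define GID_SAMADM 10000

/* Linux setgid(2) for an unprivileged caller: the target must equal the
 * real gid or the saved set-gid; the effective gid by itself does not
 * count.  A caller with CAP_SETGID may pick any group; "euid == 0" is used
 * here as a stand-in for that capability (assumption: no capability
 * bounding set or dropped caps involved).  Returns 1 if permitted. */
int setgid_permitted(uid_t euid, gid_t rgid, gid_t sgid, gid_t target)
{
    if (euid == 0)
        return 1;
    return target == rgid || target == sgid;
}

/* Attempt setgid() for real; returns 0 on success, else errno. */
int try_setgid(gid_t target)
{
    if (setgid(target) == 0)
        return 0;
    return errno;
}

/* Stand-alone use: ./setgid_check [gid].  Right after exec the saved
 * set-gid equals the effective gid, so getegid() is used for it.  Anything
 * Exim pipes to stdin is ignored. */
int main(int argc, char **argv)
{
    uid_t euid = geteuid();
    gid_t rgid = getgid(), egid = getegid();

    printf("euid=%u rgid=%u egid=%u\n",
           (unsigned)euid, (unsigned)rgid, (unsigned)egid);
    if (argc < 2)
        return 0;

    gid_t target = (gid_t)strtoul(argv[1], NULL, 10);
    int predicted = setgid_permitted(euid, rgid, egid, target);
    int rc = try_setgid(target);
    printf("setgid(%u): %s (rule predicts %s)\n", (unsigned)target,
           rc == 0 ? "ok" : strerror(rc), predicted ? "ok" : "EPERM");
    return rc == 0 ? 0 : 1;
}
```

Read against the post: with "group = mail" in the transport the child starts with real, effective and saved gid all set to mail, and a setgid(10000) from a non-root euid is refused, which is what the log shows. Started with the user's own gid (the 0666-socket case) the call asks for the gid the process already has and succeeds. An SGID-mail binary started without "group = mail" keeps the user's real gid, so the kernel rule alone would allow the call; a failure there has to come from deliver itself.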
