[Dovecot] Clarification wanted on mail_access_groups vs. mail_privileged_group

Mark Sapiro mark at msapiro.net
Wed May 7 18:51:54 EEST 2008


I have just upgraded to dovecot 1.0.13.

All the documentation I can find in the example .conf file and the NEWS
and ChangeLog files seems to say that the mail_privileged_group = mail
setting is all I should need to make dovecot use group mail to create
dotlock files.

My understanding from what I read is that mail_privileged_group is used
to set the group used while creating dotlock files in (in my case)
/var/spool/mail, and mail_access_groups is used to set the group used
to actually access the mailbox.

In my case, /var/spool/mail is group 'mail and group writable/searchable

drwxrwxr-x 2 root mail 4096 May  7 08:35 /var/spool/mail

and the individual mailboxes are owned by the respective users. So it
seems that I would need "mail_privileged_group = mail" do be able to
create dotlock files in /var/spool/mail, and that I would not need any
mail_access_groups as the users can access their own mailboxes.

But this doesn't work. With "mail_privileged_group = mail" and
mail_access_groups unset, I get

May  6 12:48:54 sbh16 dovecot: POP3(xxx): file_lock_dotlock() failed
with mbox file /var/spool/mail/xxx: Permission denied

Yet with "mail_access_groups = mail" and mail_privileged_group unset,
it works with no problem.

Is my understanding wrong? Is the documentation wrong? Is the
implementation wrong? Or is there just something wierd in my case
(possibly pop3_lock_session = yes)?

# dovecot -n
# 1.0.13: /usr/local/etc/dovecot.conf
protocols: pop3 pop3s
ssl_cert_file: /etc/postfix/grizz-cert.pem
ssl_key_file: /etc/postfix/grizz-key.pem
login_dir: /usr/local/var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/pop3-login
mail_access_groups: mail
mail_location: /var/spool/mail/%u
mbox_write_locks: fcntl dotlock
mail_executable: /usr/local/libexec/dovecot/pop3
mail_plugin_dir: /usr/local/lib/dovecot/pop3
pop3_lock_session: yes
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain apop login
  worker_max_count: 5
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot.passwd
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix


-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



More information about the dovecot mailing list