[Dovecot] permissions on auth-userdb
Egbert Jan van den Bussche
egbert at vandenbussche.nl
Tue Aug 31 10:34:41 EEST 2010
Op 31-8-2010 2:13, spamvoll at googlemail.com schreef:
> Hi..
>
> im still trying to upgrade to 2.0.
> Im getting:
> dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)
>
> the error is correct caus its owned by root. My Questions is who should own it ?
> Im not sure how that works, what process/user calls the auth-userdb ?
> The auth-userdb returns the args generated in master.conf, right ?
>
> i think comment out the user and group setting in master.conf will fix
> it but im not sure if that is the securest way.
>
> the mails come from postfix via dovecot-lda
>
> Hans
>
> master.conf
> service auth {
> # auth_socket_path points to this userdb socket by default. It's typically
> # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
> # permissions make it readable only by root, but you may need to relax these
> # permissions. Users that have access to this socket are able to get a list
> # of all usernames and get results of everyone's userdb lookups.
> unix_listener auth-userdb {
> mode = 0600
> #user = vmail
> #group = vmail
> }
>
> auth-ldap.conf.ext
> passdb {
> driver = ldap
> args = /etc/dovecot/dovecot-ldap.conf.ext
> }
> userdb {
> driver = static
> args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/
> mail=/home/MAILBOXES/%u/mail
> }
Had more or less the same fight with 1.2.9. I had to change auth user to
the group 'shadow' (if /etc/shadow is owned by group shadow). Or run
auth under the default user 'root'.
In your case it has to do with the passdb and/or userdb you use. In my
case I had the problems with local users via pam.
HTH
Egbert Jan
More information about the dovecot
mailing list