[Dovecot] LDA and auth-userdb socket permissions

[a.smith at ukgrid.net]

Quoting Timo Sirainen <tss at iki.fi>:

>
> No, that's the least of its troubles. If you can't run dovecot-lda  
> as root, it won't be able to change its UID to the user's UID (and  
> so won't have enough permissions to be able to write mails to user's  
> mailbox). So you need to run dovecot-lda as root in some way, and  
> after that it becomes pretty much irrelevant what auth-userdb's  
> permissions are.
>

Hmmm, well in my setup dovecot-lda is called from Exim with "user="  
set to a MySQL query. I'd guess that that means Exim runs dovecot-lda  
as the user directly so I don't have the issue you mention above. But  
where the permission on the auth-userdb socket are root:vmail 0660,  
the dovecot-lda is called as vmail and the vmail user is a member of  
the vmail group I get the error:

Aug 11 03:38:06 lda: Error: userdb lookup:  
connect(/var/run/dovecot/auth-userdb) failed: Permission denied  
(euid=25110(vmail) egid=25110(vmail) missing +r perm:  
/var/run/dovecot/auth-userdb, euid is not dir owner)

In the dovecot log when dovecot-lda is called. Hence I thought the  
socket permissions where related to the multiple UID restriction...

thanks Andy.