[Dovecot] LDA and auth-userdb socket permissions
a.smith at ukgrid.net
Tue Aug 23 19:37:08 EEST 2011
Quoting Timo Sirainen <tss at iki.fi>:
>
> No, that's the least of its troubles. If you can't run dovecot-lda
> as root, it won't be able to change its UID to the user's UID (and
> so won't have enough permissions to be able to write mails to user's
> mailbox). So you need to run dovecot-lda as root in some way, and
> after that it becomes pretty much irrelevant what auth-userdb's
> permissions are.
>
Hmmm, well in my setup dovecot-lda is called from Exim with "user="
set to a MySQL query. I'd guess that that means Exim runs dovecot-lda
as the user directly so I don't have the issue you mention above. But
where the permissions on the auth-userdb socket are root:vmail 0660,
the dovecot-lda is called as vmail and the vmail user is a member of
the vmail group I get the error:
Aug 11 03:38:06 lda: Error: userdb lookup:
connect(/var/run/dovecot/auth-userdb) failed: Permission denied
(euid=25110(vmail) egid=25110(vmail) missing +r perm:
/var/run/dovecot/auth-userdb, euid is not dir owner)
In the dovecot log when dovecot-lda is called. Hence I thought the
socket permissions were related to the multiple UID restriction...
thanks Andy.
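
An added illustration, not part of the original post or of Dovecot's code: how the numeric euid/egid reported in the error line map onto the owner/group/other bits of a socket with mode 0660. The directory ownership and the socket's numeric group ids are assumptions, since the post gives only names for them.

```python
import re
from dataclasses import dataclass

@dataclass
class Node:
    """Numeric owner, group and mode of one path component, as stat(2) reports."""
    uid: int
    gid: int
    mode: int

def perm_class(node, euid, gids):
    """Pick the single permission triplet that applies; the first match wins."""
    if euid == node.uid:
        return "owner", (node.mode >> 6) & 7
    if node.gid in gids:  # numeric comparison only, group names play no part
        return "group", (node.mode >> 3) & 7
    return "other", node.mode & 7

def can_connect(sock, parent, euid, egid, supplementary=()):
    """Return (allowed, reason) for connecting to a UNIX socket inside `parent`."""
    if euid == 0:
        return True, "root bypasses file permission checks"
    gids = {egid, *supplementary}
    cls, bits = perm_class(parent, euid, gids)
    if not bits & 1:
        return False, f"directory: missing +x via {cls} bits"
    cls, bits = perm_class(sock, euid, gids)
    missing = "".join(c for c, b in (("r", 4), ("w", 2)) if not bits & b)
    if missing:
        return False, f"socket: missing +{missing} via {cls} bits"
    return True, f"socket: rw via {cls} bits"

def parse_ids(log_line):
    """Extract the numeric (euid, egid) from a Dovecot 'Permission denied' line."""
    m = re.search(r"euid=(\d+)\(\w+\) egid=(\d+)\(\w+\)", log_line)
    return (int(m.group(1)), int(m.group(2))) if m else None

# Log line from the post, unwrapped. Everything below it is constructed.
LOG = ("lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: "
       "Permission denied (euid=25110(vmail) egid=25110(vmail) missing +r perm: "
       "/var/run/dovecot/auth-userdb, euid is not dir owner)")
RUN_DIR = Node(uid=0, gid=0, mode=0o755)            # assumed directory ownership
SOCK_SAME_GID = Node(uid=0, gid=25110, mode=0o660)  # group gid equals caller's egid
SOCK_OTHER_GID = Node(uid=0, gid=1001, mode=0o660)  # constructed, different gid

if __name__ == "__main__":
    euid, egid = parse_ids(LOG)
    for sock in (SOCK_SAME_GID, SOCK_OTHER_GID):
        print(sock, can_connect(sock, RUN_DIR, euid, egid))
```

Comparing the numeric ids from `ls -ln` on the socket and its directory against the euid/egid in the log line gives the real inputs for the same check.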