[Dovecot] permissions on auth-userdb

Charles Marcus CMarcus at Media-Brokers.com
Sat Jun 23 13:34:06 EEST 2012


It would be nice if there were a wiki page specifically describing how 
permissions should be set for all of the services/directories that 
dovecot uses.

Even better would be a dovecot/doveconf command that would test the 
permissions and, if possible, even fix them (like the postfix 
'set-permissions' command)...

On 2012-06-22 11:46 AM, robert coore <robertcoore at yahoo.com> wrote:
>   <spamvoll<at>  googlemail.com>  writes:
>
>>
>> Hi..
>>
>> I'm still trying to upgrade to 2.0.
>> I'm getting:
>> dovecot: lda: Error: userdb lookup:
>> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
>> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
>> /var/run/dovecot/auth-userdb, euid is not dir owner)
>>
>> The error is correct because it's owned by root. My question is: who should own it?
>> I'm not sure how that works; what process/user calls the auth-userdb?
>> The auth-userdb returns the args generated in master.conf, right?
>>
>> I think commenting out the user and group setting in master.conf will fix
>> it, but I'm not sure if that is the most secure way.
>>
>> The mails come from Postfix via dovecot-lda.
>>
>> Hans
>>
>> master.conf
>> service auth {
>>    # auth_socket_path points to this userdb socket by default. It's typically
>>    # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
>>    # permissions make it readable only by root, but you may need to relax these
>>    # permissions. Users that have access to this socket are able to get a list
>>    # of all usernames and get results of everyone's userdb lookups.
>>    unix_listener auth-userdb {
>>      mode = 0600
>>      #user = vmail
>>      #group = vmail
>>    }
>>
>> auth-ldap.conf.ext
>> passdb {
>>    driver = ldap
>>    args = /etc/dovecot/dovecot-ldap.conf.ext
>> }
>> userdb {
>>    driver = static
>>    args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail
>> }
>>
>>
>
>
> Hi all, I was getting the same errors. It took me 2 days to understand what it was
> saying to me, but I finally solved it.
>
>
>
> If you do an ls -l /var/run/dovecot/auth-userdb you will see that root is the
> owner and the permissions are srw--------, so vmail has no right to call or
> even use the process.
> What I did was a chown -R vmail:vmail /var/run/dovecot/auth-userdb
> I also did a chmod g+r /var/run/dovecot/auth-userdb
> ls -l /var/run/dovecot/auth-userdb
> srw----r-- 1 vmail vmail
> my unix_listener auth-userdb {
>      mode = 600
>     }
>
> protocol lda {
>    auth_socket_path = /var/run/dovecot/auth-userdb
>    log_path = /home/vmail/dovecot-deliver.log
>
> That worked for me.
> 1. I haven't restarted the dovecot service; I don't know if it will keep the settings.


-- 

Best regards,

Charles Marcus
I.T. Director
Media Brokers International, Inc.
678.514.6200 x224 | 678.514.6299 fax
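
An added example, not part of this thread and not Dovecot code: a small Python check in the spirit of the permission test wished for at the top of this message. It evaluates a listener socket's mode and ownership for the delivery account and flags world-accessible modes, which the quoted config comment warns expose usernames and userdb lookups. Assumptions: the function names are hypothetical, the client is taken to need both read and write on the socket, uid/gid 10000 for vmail comes from the quoted error, and the containing directory is not checked.

```python
import os
import pwd
import stat

def effective_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to this user.

    Unix picks exactly one class: owner, else group, else other.
    """
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit_socket(mode, owner_uid, owner_gid, uid, gids):
    """Return a list of findings for one listener socket."""
    findings = []
    bits = effective_bits(mode, owner_uid, owner_gid, uid, gids)
    # Assumption: the client needs both read and write on the socket.
    missing = "".join(c for c, b in (("r", 4), ("w", 2)) if not bits & b)
    if uid != 0 and missing:  # root bypasses the mode bits
        findings.append(f"uid {uid} cannot connect: missing +{missing}")
    if mode & 0o006:
        findings.append("socket is accessible to all local users")
    return findings

def audit_path(path, username):
    """Audit a real socket for a named account (e.g. the LDA user)."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path} is not a socket"]
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return audit_socket(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                        pw.pw_uid, gids)

if __name__ == "__main__":
    # Constructed cases mirroring the thread (vmail = uid/gid 10000).
    cases = {
        "root-owned 0600": (0o600, 0, 0),
        "vmail-owned 0600": (0o600, 10000, 10000),
        "vmail-owned 0604": (0o604, 10000, 10000),
    }
    for name, (mode, ouid, ogid) in cases.items():
        print(name, audit_socket(mode, ouid, ogid, 10000, {10000}))
```

On a live system, `audit_path("/var/run/dovecot/auth-userdb", "vmail")` runs the same check against the actual socket.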


