[Dovecot] Maildir permissions and Solr re-indexing

Joseph Tam jtam.home at gmail.com
Tue Jul 30 03:14:41 EEST 2013

Michael Welsh Duggan writes:

> All the files in my Maildir are owned by md5i:mail (I am md5i), and have
> 660 permissions.  All directories have the same user:group permissions,
> and 770 with the setgid bit set.  (That last may not be necessary, but
> ...
> doveadm(md5i): Error: fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(md5i), group based on /home/md5i/Maildir/.mail.test - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
> After this, each directory has a dovecot.index.log with md5i:md5i 600
> permissions.

I think the cause is clear enough: you (user=md5i/uid=1000) are not
part of group mail (gid=8), so the dovecot user process doing things on
your behalf cannot create index files that are analogous to the mailbox
it's indexing.

You can either

 	1) add "md5i" to group mail
 	2) remove g+w permission on your mail files (making group
 		membership irrelevant)
 	3) fiddle with "mail_privileged_group = mail", but I'm a little
 		hazy on all the ramifications of this.

I don't know your particular circumstances, so I don't know which
is best.  If (big if) nothing on your system (particularly the MTA)
requires access to your mail spool files by running as group=mail,
probably 2) is your best option.

Joseph Tam <jtam.home at gmail.com>
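
The diagnosis in the reply above can be checked before re-indexing. The following is an added example, not part of the original post and not Dovecot code: it lists the group-writable directories under a Maildir whose group the user does not belong to, which is the condition named in the fchown error. The function names and the command-line form are hypothetical.

```python
import grp
import os
import pwd
import stat
import sys


def user_gids(username):
    """Primary plus supplementary gids of username, from the system databases."""
    pw = pwd.getpwnam(username)
    return set(os.getgrouplist(username, pw.pw_gid))


def chgrp_risks(maildir, gids):
    """Return sorted (path, gid, mode) for every directory under maildir that
    is group-writable (g+w) and owned by a group not in gids.

    Assumption taken from the post: index files are created with the group of
    the mailbox directory, so a process outside that group cannot fchown()
    them to it.
    """
    risky = []
    for dirpath, _dirnames, _filenames in os.walk(maildir):
        st = os.stat(dirpath)
        if st.st_mode & stat.S_IWGRP and st.st_gid not in gids:
            risky.append((dirpath, st.st_gid, stat.S_IMODE(st.st_mode)))
    return sorted(risky)


def group_name(gid):
    """Group name for gid, or the number itself if the gid has no entry."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


if __name__ == "__main__":
    # Hypothetical usage: python3 check_maildir_group.py md5i /home/md5i/Maildir
    user, maildir = sys.argv[1], sys.argv[2]
    findings = chgrp_risks(maildir, user_gids(user))
    for path, gid, mode in findings:
        print(f"{path}: group={gid}({group_name(gid)}) mode={mode:o} "
              f"-> add {user} to the group, or remove g+w")
    sys.exit(1 if findings else 0)
```

An empty result means options 1) or 2) are already satisfied for every directory under that Maildir.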

