Disabling of userdb/passdb modules using config statements
Jeroen Massar
jeroen at massar.ch
Fri Apr 10 09:59:05 UTC 2015
Hola,
Debian (and possibly other distros) use the /etc/dovecot/conf.d/* setup
where default config files are stuffed and then one can just add a
99-myconfig.conf et voila, variables are overruled.
This allows the distro to supply updates to the files at package upgrade
time without any/much user intervention.
The problem (for me ;) is that the system comes provided with:
auth-system.conf.ext containing:
passdb {
  driver = pam
}
userdb {
  driver = passwd
}
Hence pam & /etc/passwd based are always enabled.
This while I don't have any local users.
Replication seems to then always pick up the local users, which are
vmail + nobody (65536).
doveadm user '*' thus reports vmail, nobody + virtual users
Setting:
first_valid_uid = 5000
last_valid_uid = 5000
only keeps vmail in there, but apparently some module (guess
replication) is still able to figure out that 'nobody' exists:
Apr 10 09:48:25 mail dovecot: doveadm(IPADDR,nobody): Error: Mail access for users with UID 65534 not permitted (see first_valid_uid in config file, uid from userdb lookup).
Apr 10 09:48:25 mail dovecot: doveadm(IPADDR,nobody): Error: dsync-server: User init failed
Apr 10 09:49:38 mail dovecot: doveadm(nobody): Error: sync: Failed to start remote dsync-server command: Remote exit_code=75
and on the other side:
Apr 10 09:54:38 mail dovecot: doveadm(nobody): Error: sync: Unknown user in remote
This can be resolved by commenting out the entries in
auth-system.conf.ext but then I'll have to do that again at package
upgrade time.
Hence, would it be a cool option to be able (in the 99-myconfig.conf
file) to put:
passdb {
  driver = pam
  enabled = false
}
userdb {
  driver = passwd
  enabled = false
}
And thereby disabling those modules completely? Thus avoiding upgrade
conflicts etc.
Greets,
Jeroen
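Added example, not part of the original message and not Dovecot code: a small Python check that lists every uncommented passdb/userdb block in a set of conf.d-style files and flags the ones backed by local system accounts, which is the condition the message describes. The file contents, the drivers shown for 99-myconfig.conf and the SYSTEM_DRIVERS set are constructed assumptions; the parser handles only flat blocks like those quoted above and does not follow !include lines.

```python
import re

# Constructed sample of a conf.d-style layout (not taken from a real system).
SAMPLE_FILES = {
    "auth-system.conf.ext": "passdb {\n  driver = pam\n}\nuserdb {\n  driver = passwd\n}\n",
    "99-myconfig.conf": (
        "first_valid_uid = 5000\n"
        "passdb {\n  driver = passwd-file\n}\n"
        "userdb {\n  driver = static\n}\n"
    ),
}

# Assumption: drivers that resolve users from local system accounts.
SYSTEM_DRIVERS = {"pam", "passwd", "shadow"}

BLOCK_OPEN = re.compile(r"^(passdb|userdb)\s*\{$")
SETTING = re.compile(r"^(\w+)\s*=\s*(.*)$")


def auth_blocks(files):
    """Return (file, section, driver) for each uncommented passdb/userdb block."""
    found = []
    for name in sorted(files):
        section = driver = None
        for raw in files[name].splitlines():
            line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
            if not line:
                continue
            opened = BLOCK_OPEN.match(line)
            if section is None and opened:
                section, driver = opened.group(1), None
            elif section and line == "}":
                found.append((name, section, driver))
                section = None
            elif section:
                setting = SETTING.match(line)
                if setting and setting.group(1) == "driver":
                    driver = setting.group(2).strip()
    return found


def system_backed(files):
    """Blocks whose driver is backed by local system accounts."""
    return [block for block in auth_blocks(files) if block[2] in SYSTEM_DRIVERS]


if __name__ == "__main__":
    for name, section, driver in system_backed(SAMPLE_FILES):
        print(f"{name}: {section} driver={driver} is backed by system accounts")
```

Run against the real files after each package upgrade, a non-empty result means the distro-supplied system blocks are active again.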