IMAP hibernate feature committed

Timo Sirainen tss at iki.fi
Tue Aug 25 20:21:11 UTC 2015 

> On 25 Aug 2015, at 20:55, Thomas Leuxner <tlx at leuxner.net> wrote:
> 
> * Timo Sirainen <tss at iki.fi> 2015.08.25 17:28:
> 
>>>> ==> /var/log/dovecot/dovecot.log <==
>>>> Aug 25 09:42:07 nihlus dovecot: imap(tlx at leuxner.net): Error: net_connect_unix(/var/run/dovecot/imap-hibernate) failed: Permission denied
>>>> Aug 25 09:42:07 nihlus dovecot: imap(tlx at leuxner.net): Error: Couldn't hibernate imap client: Couldn't export state: Virtual mailboxes have no GUIDs
> 
> Those are completely gone with the latest two commits. I was expecting the permission error to fire up. It seems a bit too quite. If it works would it spawn a hibernate-process? It looks so from the service section, but I don't see any "hibernate" processes active.

It no longer logs an error if the selected mailbox is virtual. It simply doesn't start up the hibernate process. If you set mail_debug=yes it'll log why it won't start the hibernation. Also just committed a change that logs the mailbox name.

>>> 'chmod 666' mitigates the permission issue on the socket. However it seems to have other issues then:
>> 
>> You can also change the unix_listener { user, group, mode } as needed for different services (imap, imap-hibernate). http://wiki2.dovecot.org/Services has some more info.
> 
> $ doveconf -a | grep -A 20 'service imap-hibernate'
> service imap-hibernate {
>  […]
>  unix_listener imap-hibernate {
>    group = 
>    mode = 0600
>    user = 
>  }
>  user = $default_internal_user
> 
> The question is what user it should be - or what user it should match in case several users come into play. With the standard setting $default_internal_user as above it does not work out of the box (at least with my config). 

There's no good default setting here. It depends on your userdb settings and/or mail_uid setting. So for example if your imap processes are running as vmail user, you should set service imap-hibernate { unix_listener imap-hibernate { user = vmail } }. Then again if you are using system users (or otherwise multiple UIDs) it gets more difficult to implement this securely (mode=0666 works always, but security isn't too good). This same problem exists for various other parts of Dovecot, for example indexer-worker and dict services.

More information about the dovecot mailing list