Permissions for new folders
David Cigánek
dave at mtfbwy.cz
Fri Apr 8 10:56:34 UTC 2016
Hi,
I have a problem with permissions for newly created folders in Dovecot.
Everything worked fine until a few days ago, when I made a small change to the
userdb lookup, but I don't know why it is causing problems.
Server uses following directory structure:
index - /data/mail/index
mail - /data/mail/mail
alt - /data/mail/archive
all 3 on separate volumes, for performance reasons.
Up until a few days ago, I used the following:
# doveadm user dave at example.com
field value
user dave at example.com
uid 13726
gid 1004
home /data/mail/mail/003/3726/da/dave
mail
mdbox:~/mbox/:DIRNAME=.00f-dbox-Mails:INDEX=/data/mail/stub/index/data/mail/mail/003/3726/da/dave:ALT=/data/mail/stub/archive/data/mail/mail/003/3726/da/dave
config is quite simple:
# Default mail location. %h expands to the user's home directory, which is why
# INDEX and ALT resolve under /data/mail/stub/... in the doveadm output above.
mail_location =
mdbox:~/mbox/:DIRNAME=.00f-dbox-Mails:INDEX=/data/mail/stub/index%h:ALT=/data/mail/stub/archive%h
# Authentication goes through SQL; per the field list that follows, the same
# query also returns userdb_* fields (home, uid, quota).
passdb {
driver = sql
args = /data/mail/sql/dovecot-sql.conf.ext
}
# Static userdb: only the group is fixed here, so every mail user gets the
# shared vmail gid while the uid comes from the SQL result.
userdb {
driver = static
args = gid=vmail
}
From SQL I get these fields:
username
domain
password
userdb_home
userdb_uid
userdb_quota_rule
userdb_quota_over_flag
For nicer paths, I created symlinks:
/data/mail/stub/index/data/mail -> /data/mail/index
/data/mail/stub/archive/data/mail -> /data/mail/archive
so path /data/mail/stub/index/data/mail/mail/003/3726/da/dave is in fact
in /data/mail/index/003/3726/da/dave
In that setup, everything worked fine, but I didn't like those symlinks,
so I altered the SQL query to return all paths in the userdb_mail field:
# doveadm user dave at example.com
field value
user dave at example.com
uid 13726
gid 1004
home /data/mail/mail/003/3726/da/dave
mail
mdbox:~/mbox/:DIRNAME=.00f-dbox-Mails:INDEX=/data/mail/index/003/3726/da/dave:ALT=/data/mail/archive/003/3726/da/dave
So everything is in fact the same, just a little nicer. But since then,
newly created directories don't get the same permissions as the parent
folder, as they should (2770); instead they are created with 2700:
# stat -c "%a (%A)" /data/mail/mail/
2770 (drwxrws---)
# stat -c "%a (%A)" /data/mail/mail/003
2700 (drwx--S---)
I need 2770 permissions there, especially because when another user like
this is created:
user dave at example.com
uid 13999
gid 1004
home /data/mail/mail/003/3999/da/dave
Dovecot is unable to create directory /data/mail/mail/003/3999, because
it doesn't have write permissions for group on /data/mail/mail/003.
I can't find any reason for this behavior - is it something in Dovecot
or am I doing something wrong?
Thank you,
David
Dovecot version: 2.2.21
# doveconf -n
# 2.2.21 (5345f22): /usr/local/dovecot/2.2.21/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.12 (c1c0a23)
# OS: Linux 3.10.0-327.4.5.el7.x86_64 x86_64 CentOS Linux release
7.2.1511 (Core)
# Settings as printed by "doveconf -n" (see the command above). Values shown as
# xxx / xxxxxx appear to have been masked by the poster before sending.
auth_master_user_separator = xxxxxx
dict {
sieve_movespam = mysql:/data/mail/sql/dovecot-movespam-sql.conf.ext
sieve_redirect = mysql:/data/mail/sql/dovecot-redirects-sql.conf.ext
}
# NOTE(review): the global location still points at the symlink-based
# /data/mail/stub/... paths; the new INDEX/ALT paths reach Dovecot only through
# the per-user "mail" field shown in the second doveadm output above.
mail_location =
mdbox:~/mbox/:DIRNAME=.00f-dbox-Mails:INDEX=/data/mail/stub/index%h:ALT=/data/mail/stub/archive%h
mail_plugins = " quota notify replication"
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart extracttext
mdbox_rotate_size = 15 M
# Master-user passdb: "master = yes" lets the accounts in this passwd-file log
# in on behalf of other users, so the file needs the same protection as the SQL
# credentials.
passdb {
args = xxxxxx
driver = passwd-file
master = yes
pass = yes
skip = authenticated
}
passdb {
args = /data/mail/sql/dovecot-sql.conf.ext
driver = sql
}
passdb {
args = /data/mail/sql/dovecot-catchall-sql.conf.ext
driver = sql
}
plugin {
# NOTE(review): "tcp:" rather than "tcps:" means Dovecot does not TLS-protect
# the replication link; presumably a private network - confirm.
mail_replica = tcp:xxx:xxx
quota = dict:user-quota::file:~/user_quota.dat
quota2 = dict:domain-quota:%d:file:~/../../domain_quota.dat
quota2_over_flag_value = 1
# The quota-warning/over scripts below receive %d, %n and %i as arguments and
# are executed by the "quota-warning" service defined further down (which runs
# as root), so the script must treat them as untrusted input.
quota2_over_script = quota-warning domain %d %n@%d %i missmatch2
quota2_rule = *:bytes=500M
quota2_rule2 = Trash:bytes=+5%%
quota2_warning = bytes=90%% quota-warning domain %d %n@%d %i warn 90
quota2_warning2 = bytes=100%% quota-warning domain %d %n@%d %i over 100
quota2_warning3 = -bytes=100%% quota-warning domain %d %n@%d %i under 100
quota_grace = 5%%
quota_over_flag_value = 1
quota_over_script = quota-warning user %n %n@%d %i missmatch1
quota_rule = *:bytes=0
quota_rule2 = Trash:bytes=+5%%
quota_warning = bytes=90%% quota-warning user %n %n@%d %i warn 90
quota_warning2 = bytes=100%% quota-warning user %n %n@%d %i over 100
quota_warning3 = -bytes=100%% quota-warning user %n %n@%d %i under 100
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_before = dict:proxy::sieve_movespam;name=sieve_movespam;bindir=~
sieve_before2 = dict:proxy::sieve_redirect;name=sieve_before;bindir=~
sieve_max_actions = 500
sieve_max_redirects = 500
sieve_redirect_envelope_from = recipient
}
pop3_no_flag_updates = yes
protocols = imap pop3 lmtp sieve
replication_dsync_parameters = -1 -d -N -l 30 -U
replication_max_conns = 5
service aggregator {
fifo_listener replication-notify-fifo {
group = vmail
mode = 0660
user = vmail
}
unix_listener replication-notify {
group = vmail
mode = 0660
user = vmail
}
}
service dict {
unix_listener dict {
group = vmail
mode = 0660
user = vmail
}
}
# NOTE(review): doveadm is reachable over TCP and "ssl = no" is set below, so
# Dovecot does not encrypt this traffic. No doveadm_password line appears in
# this output - confirm it is set and that the port is firewalled to the
# replica only.
service doveadm {
inet_listener {
port = xxxx
}
}
service imap-login {
client_limit = 10000
inet_listener imap {
port = 143
}
process_min_avail = 50
service_count = 0
vsz_limit = 256 M
}
service imap {
client_limit = 1
process_limit = 20000
vsz_limit = 1 G
}
service lmtp {
inet_listener lmtp {
port = 2525
}
}
service pop3-login {
inet_listener pop3 {
port = 110
}
}
# NOTE(review): this script service runs as root and its socket is mode 0666,
# so access to the root-run script is not limited to Dovecot's mail processes.
# Running it as an unprivileged user (e.g. vmail) and restricting the listener
# with user/group and a tighter mode would reduce that exposure.
service quota-warning {
executable = script /data/mail/scripts/quota-actions.sh
unix_listener quota-warning {
mode = 0666
}
user = root
}
service replicator {
process_min_avail = 1
# NOTE(review): world-writable socket; limiting it to the mail user (as the
# aggregator and dict listeners above do with vmail/0660) is the tighter
# choice - confirm which processes need it.
unix_listener replicator-doveadm {
mode = 0666
}
}
# NOTE(review): TLS is disabled while imap (143) and pop3 (110) listen on TCP,
# so credentials and mail are unencrypted unless something in front of Dovecot
# terminates TLS - not visible in this output.
ssl = no
ssl_client_ca_file = /etc/pki/tls/cert.pem
syslog_facility = local5
# Both userdbs force gid=vmail, so all mail users share one group while their
# uids differ (13726 and 13999 in the examples above). Group-writable shared
# parents such as /data/mail/mail/003 therefore give every mail uid write
# access to that directory.
userdb {
args = gid=vmail
driver = static
}
userdb {
args = /data/mail/sql/dovecot-sql.conf.ext
driver = sql
override_fields = gid=vmail
}
protocol imap {
mail_max_userip_connections = 1000
mail_plugins = " quota notify replication imap_quota"
}
protocol lmtp {
mail_plugins = " quota notify replication sieve"
}
protocol lda {
mail_plugins = " quota notify replication sieve"
}