Doveadm service as non-root user
moseleymark at gmail.com
Fri Feb 1 23:16:37 EET 2019
Running: Ubuntu xenial, dovecot 2.2.36
I've been working on moving our user base from maildir to mdbox and trying
to come up with solutions for things like moving emails around. In the
past, with maildir, our support guys could just mv the files around and
done. For mdbox, I've been working on getting things set up to use doveadm.
One weirdness I've seen is that in imports (i.e. doveadm import), mail gets
copied correctly but the resulting files are left with root ownership (I
don't have 'service doveadm' 'user' set, so I guess it defaults to root).
It's typically new m.* files as well as the dovecot.list.index
and dovecot.list.index.log files.
Looking at strace, no chown is done on them, nor was there setuid. The
import had no trouble finding the correct user in the db, so I know that it
knows the correct UID (I can see it just fine in debug logs too). And it
will happily import to existing m.* files with no permissions issues (but
considering it's running as root, I wouldn't expect it to).
I've seen this using 'import' via IMAPc as well as with both src and dest
on the same server. I can see this behavior in both scenarios. We have a
single shared UID for mail, so especially in that "src/dest on same server"
case, it's not a matter of UID-mismatch.
It's a director setup, so all doveadm commands are coming through the
director. If I run the import directly on the backend (which obviously
would be a bad idea in real life), the ownership of new m.* files seems to
be correct (I can see it setuid'ing to the correct UID from userdb in
strace). If I run the import on the director, I can get a new root-owned
file every time it rolls over to the next m.* file.
* Is that a bug? Is this expected behavior? Seems like the expected thing
would be to use the UID from userdb and either do a setuid (just like
running 'doveadm import' locally did) or chown any new files to the
correct UID. I always always assume misconfiguration (vs bug, since it's
almost never a bug) but I'm baffled on this one.
* I see that it's possible to set a user for service doveadm and the wiki
even suggests that it's a good idea in a single UID setup. If there are no
mailboxes with any other UIDs, *will setting 'service doveadm' to the same
UID possibly break anything*? I can't think of why it would, but I want to
be duly diligent. Plus I'm a little leery about closing the door to ever
having additional UIDs for mailboxes.
Happy to provide 'doveconf -n' but wanted to check first, before spending
15 minutes gently obfuscating it :)
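An added audit script, not from the poster or the Dovecot project, that checks for the symptom described above: mdbox storage files (m.*) and dovecot.list.index* files that ended up owned by something other than the shared mail UID. The file-name patterns are taken from the post; the mail root path and expected UID are assumed arguments, and the demo tree at the bottom is constructed.

```shell
#!/bin/sh
# Audit an mdbox mail root for files not owned by the expected mail UID.
# Patterns come from the post: new m.* storage files plus
# dovecot.list.index and dovecot.list.index.log.

# Print every matching file under $1 whose owner is not UID $2.
find_foreign_owned() {
    root=$1
    uid=$2
    find "$root" -type f \( -name 'm.*' -o -name 'dovecot.list.index*' \) \
        ! -user "$uid" -print
}

# Count of wrongly owned files (used by the audit and by checks/tests).
count_foreign_owned() {
    find_foreign_owned "$1" "$2" | wc -l | tr -d ' '
}

# Report wrongly owned files with their numeric owner; return 1 if any.
audit_mdbox_ownership() {
    root=$1
    uid=$2
    n=$(count_foreign_owned "$root" "$uid")
    if [ "$n" -eq 0 ]; then
        echo "ok: all mdbox files under $root are owned by uid $uid"
        return 0
    fi
    echo "WARNING: $n file(s) under $root not owned by uid $uid:"
    find_foreign_owned "$root" "$uid" | while IFS= read -r f; do
        ls -ldn "$f"   # numeric owner/group, same as doveadm would need
    done
    return 1
}

# Demo on a constructed mdbox-like tree (owned by whoever runs this).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/user1/mdbox/storage"
: > "$demo_root/user1/mdbox/storage/m.1"
: > "$demo_root/user1/mdbox/dovecot.list.index"
: > "$demo_root/user1/mdbox/dovecot.list.index.log"
# Ask for a UID that is deliberately not ours to show the warning output.
audit_mdbox_ownership "$demo_root" "$(( $(id -u) + 1 ))" || true
rm -rf "$demo_root"
```

Run it against the real mail root with the shared mail UID after a director-side import to confirm no m.* files were left root-owned.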