Doveadm service as non-root user

Mark Moseley moseleymark at gmail.com
Tue Feb 12 20:43:45 EET 2019 

On Mon, Feb 4, 2019 at 12:04 PM Mark Moseley <moseleymark at gmail.com> wrote:

>
> On Fri, Feb 1, 2019 at 11:37 PM Aki Tuomi <aki.tuomi at open-xchange.com>
> wrote:
>
>>
>> On 01 February 2019 at 23:16 Mark Moseley < moseleymark at gmail.com>
>> wrote:
>>
>>
>> Running: Ubuntu xenial, dovecot 2.2.36
>>
>> I've been working on moving our user base from maildir to mdbox and
>> trying
>> to come up with solutions for things like moving emails around. In the
>> past, with maildir, our support guys could just mv the files around and
>> done. For mdbox, I've been working on getting things set up to use
>> doveadm.
>>
>> One weirdness I've seen is that in imports (i.e. doveadm import), mail
>> gets
>> copied correctly but the resulting files are left with root ownership (I
>> don't have 'service doveadm' 'user' set, so I guess it defaults to root).
>> It's typically new m.* files as well as the dovecot.list.index
>> and dovecot.list.index.log files.
>>
>> Looking at strace, no chown is done on them, nor was there setuid. The
>> import had no trouble finding the correct user in the db, so I know that
>> it
>> knows the correct UID (I can see it just fine in debug logs too). And it
>> will happily import to existing m.* files with no permissions issues (but
>> considering it's running as root, I wouldn't expect it to).
>>
>> I've seen this using 'import' via IMAPc as well as with both src and dest
>> on the same server. I can see this behavior in both scenarios. We have a
>> single shared UID for mail, so especially in that "src/dest on same
>> server"
>> case, it's not a matter of UID-mismatch.
>>
>> It's a director setup, so all doveadm commands are coming through the
>> director. If I run the import directly on the backend (which obviously
>> would be a bad idea in real life), the ownership of new m.* files seems
>> to
>> be correct (I can see it setuid'ing to the correct UID from userdb in
>> strace). If I run the import on the director, I can get a new root-owned
>> file every time it rolls over to the next m.* file.
>>
>> Two questions:
>>
>> * Is that a bug? Is this expected behavior? Seems like the expected thing
>> would be to use the UID from userdb and either do a setuid (just like
>> running 'doveadm import' locally did) or chown'ing any new files to the
>> correct UID. I always always assume misconfiguration (vs bug, since it's
>> almost never a bug) but I'm baffled on this one.
>>
>> * I see that it's possible to set a user for service doveadm and the wiki
>> even suggests that it's a good idea in a single UID setup. If there are
>> no
>> mailboxes with any other UIDs, *will setting 'service doveadm' to the
>> same
>> UID possibly break anything*? I can't think of why it would, but I want
>> to
>> be duly diligent. Plus I'm a little leery about closing the door to ever
>> having additional UIDs for mailboxes.
>>
>> Happy to provide 'doveconf -n' but wanted to check first, before spending
>> 15 minutes gently obfuscating it :)
>>
>>
>> Can you try
>>
>> doveadm import -U victim -u victim ... ?
>> ---
>> Aki Tuomi
>>
>
>
> Is that to test a generic 'import from sourceUser to dest user' (i.e.
> victim isn't literally the same in both -u and -U) or are you looking for a
> test where 'sourceUser' is the same email account as the destination?
>
> I just want to make sure I'm understanding right. The original tests (that
> result in the root-owned files) were all -U userA -u userB (i.e. different
> email accounts for src and dest), if you're asking about the former.
>
> If you're asking about the latter, I ran that and got the same result, a
> root-owned dovecot.list.index.log and dovecot.list.index and freshly
> created m.* files. The message count in the destination mailbox increases
> by the right number (no surprise since it's running as root), so the import
> itself is working.
>
> I should add that in both cases (different src/dest email account and same
> src/dest), the import works ok -- or at least increments the count in the
> index. It just leaves the email account in a broken state. Re-chown'ing it
> to the current permissions makes it happy again and the newly imported
> messages show up.
>


Any chance Aki's hit-the-nail-on-the-head answer got lost in the ether due
to the DMARC snafu? :)

I'm going forward for now with running doveadm as the unix user that owns
all the mailbox, so no urgency, but it's still a bit perplexing (and if
it's a bug, good to stomp out).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20190212/b065cb59/attachment.html>

More information about the dovecot mailing list