Unable to authenticate on Dovecot - auth-userdb issue?
Alexander Dalloz
ad+lists at uni-x.org
Fri Jan 3 14:25:53 EET 2020
On 03.01.2020 at 03:27, Mark ADAMS wrote:
> Jan 02 18:47:37 shuttle dovecot[6744]: lda(root at shuttle)<6744><>: Error: auth-master: userdb lookup(root at shuttle): connect(/run/dovecot/auth-userdb) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
Run "namei -lv /run/dovecot/auth-userdb" to check the permissions of the
complete path. The auth-userdb socket actually is owned by mail:mail
according to your error logging. Is dovecot a member of the mail group?
Actually it does not match the config details you have pasted:
  unix_listener auth-userdb {
    group = dovecot
    mode = 0600
    user = vmail
  }
On my side it looks like this and I have not custom configured that
part. The defaults are:
  unix_listener auth-userdb {
    group =
    mode = 0666
    user = $default_internal_user
  }
So on my system the permissions look like this:
# namei -lv /var/run/dovecot/auth-userdb
f: /var/run/dovecot/auth-userdb
dr-xr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root run
drwxr-xr-x root dovecot dovecot
srw-rw-rw- dovecot root auth-userdb
> Jan 02 18:47:37 shuttle dovecot[6744]: lda: Fatal: Internal error occurred. Refer to server log for more information.
> Jan 02 18:47:37 shuttle postfix/pipe[6743]: 6345D4A4A97: to=<root at shuttle>, relay=dovecot, delay=1.1, delays=1.1/0.01/0/0.06, dsn=4.3.0, status=deferred (temporary failure. Command output: lda(root at shuttle): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied )
> ^C
>
>
>
> Note: this error references "/run/dovecot/auth-userdb". That isn't even supposed to be the location of that file. I have no idea why that location shows up. The correct location should be "/etc/dovecot/auth-userdb". The file does exist at that location.
Mark,
I have no idea why you expect the dovecot sockets to be located inside
/etc/dovecot/. /etc is the FHS location for configurations. /run or
/var/run (typically a symlink on modern Linux distributions) is the
right location for runtime files like service sockets.
You say /etc/dovecot/auth-userdb exists. Am I correct to guess that you
have created that manually with whatever content?
Alexander
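
The path check suggested in the reply above, as an added example that is not part of the original post or of Dovecot: a Python sketch that walks each path component as namei -l does and evaluates the mode bits for the euid/egid from the log line (8 and 12). It assumes plain Unix mode bits (no ACLs or capabilities) and treats read plus write on the socket as what a connect needs; the function names are hypothetical.

```python
import os
import stat

R, W, X = 4, 2, 1  # permission bits within one rwx triplet

def allowed(mode, owner, group, uid, gids, want):
    """Classic Unix check: pick the owner, group or other triplet (no ACLs)."""
    if uid == 0:
        return True  # root bypasses mode bits
    if uid == owner:
        bits = (mode >> 6) & 7
    elif group in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & want == want

def check_path(path, uid, gids, want=R | W):
    """Walk every component like namei -l: dirs need x, the last entry needs `want`."""
    path = os.path.realpath(path)  # resolves e.g. /var/run -> /run
    parts = [p for p in path.split(os.sep) if p]
    rows, current = [], os.sep
    for i, name in enumerate([os.sep] + parts):
        current = os.path.join(current, name)
        st = os.lstat(current)
        need = want if i == len(parts) else X
        ok = allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, need)
        rows.append((stat.filemode(st.st_mode), st.st_uid, st.st_gid, current, ok))
    return rows

def first_denied(rows):
    """Return the first path component the caller cannot pass, or None."""
    return next((r[3] for r in rows if not r[4]), None)

if __name__ == "__main__":
    # euid=8(mail) egid=12(mail) and the socket path are taken from the log line.
    target = "/run/dovecot/auth-userdb"
    if os.path.exists(target):
        rows = check_path(target, uid=8, gids={12})
        for mode, u, g, p, ok in rows:
            print(f"{mode} {u:>5} {g:>5} {'ok    ' if ok else 'DENIED'} {p}")
        print("first denied:", first_denied(rows))
```

Run it on the mail host itself; the first DENIED row is the component whose owner, group or mode has to change for the LDA user.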