Permissions and ownership on /dev/shm/dovecot

doug cincodemayo_67 at yahoo.com
Fri Mar 25 14:56:26 UTC 2022


Hi,

Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users

I'm in the process of moving my mailboxes to NFS and moving with lock 
and index files in temp storage following instructions from 
https://doc.dovecot.org/configuration_manual/nfs.

I set mail_location as:

    mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index

What I discovered is /dev/shm/dovecot is created by the initial user who 
accesses their mail from a client, and with permissions 700.  This 
prevents subsequent users from creating their own index and lock files.

    # ls -l /dev/shm/dovecot
    total 0
    drwx------ 2 mary users 60 Mar 25 10:00 mary

Sample error message from maillog during mail delivery and from a dsync 
script.

    Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)

    dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)

I couldn't locate documentation or discussions on how to set the 
ownership or permissions for /dev/shm/dovecot in the Dovecot 
configuration files.

As a hack, I added this to /usr/libexec/dovecot/prestartscript.

    ! [[ -d  /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
    chown dovecot:users /dev/shm/dovecot
    chmod 770 /dev/shm/dovecot

This solved the problem, but left me wondering if I missed something 
obvious or if I am setting myself up for a problem later on, like with a 
Dovecot version upgrade. I could run these commands at bootup out of 
rc.local or a systemd script rather than customizing a Dovecot provided 
script.

Is there an appropriate way of doing this that I missed?

TIA,
Doug
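
Added example, not part of the original post and not Dovecot's own code: a variant of the prestart commands above that refuses to act on a symlink or non-directory at the path (/dev/shm is world-writable, so any local account can create the path first) and then verifies the resulting owner, group and mode. The function name `ensure_shared_dir` and the `--apply` switch are assumptions made for this sketch; `dovecot:users` and `770` are the values from the post, and `stat -c` assumes GNU coreutils as on CentOS 7.

```shell
#!/bin/sh
# Added example, not from the original post.
# ensure_shared_dir DIR OWNER GROUP MODE   (MODE as octal without leading 0, e.g. 770)
ensure_shared_dir() {
    dir=$1 owner=$2 group=$3 mode=$4

    # /dev/shm is world-writable (sticky), so another local account may have
    # created the path already. Never follow a symlink or reuse a non-directory.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symlink" >&2
        return 1
    fi
    if [ -e "$dir" ] && [ ! -d "$dir" ]; then
        echo "refusing: $dir exists but is not a directory" >&2
        return 1
    fi

    # Create closed (0700) first, then set the owner, then open up to the group.
    if [ ! -d "$dir" ]; then
        mkdir -m 0700 "$dir" || return 1
    fi
    chown -h "$owner:$group" "$dir" || return 1   # -h: act on the path itself
    chmod "$mode" "$dir" || return 1

    # Verify what is actually on disk; accept names or numeric ids.
    want="$owner:$group $mode"
    if [ "$(stat -c '%U:%G %a' "$dir")" != "$want" ] &&
       [ "$(stat -c '%u:%g %a' "$dir")" != "$want" ]; then
        echo "unexpected state: $(stat -c '%U:%G %a' "$dir"), wanted $want" >&2
        return 1
    fi
    return 0
}

# Values from the post; run as root before Dovecot starts:
#   sh this-script --apply
if [ "${1:-}" = "--apply" ]; then
    ensure_shared_dir /dev/shm/dovecot dovecot users 770
fi
```

Because the function only creates and checks the parent directory, the per-user subdirectories under it are still created by Dovecot itself with each user's own credentials.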