Permissions and ownership on /dev/shm/dovecot
João Silva
joaopfmlist at lipc.fis.uc.pt
Fri Mar 25 15:46:42 UTC 2022
I'm not sure about that configuration.
I have seen huge index cache files for users with lots of mail; putting
those in memory may be a risk.
On 25/03/2022 14:56, doug wrote:
> Hi,
>
> Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
>
> I'm in the process of moving my mailboxes to NFS and moving with lock
> and index files in temp storage following instructions from
> https://doc.dovecot.org/configuration_manual/nfs.
>
> I set mail_location as:
>
> mail_location = mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
>
> What I discovered is /dev/shm/dovecot is created by the initial user
> who accesses their mail from a client, and with permissions 700. This
> prevents subsequent users from creating their own index and lock files.
>
> # ls -l /dev/shm/dovecot
> total 0
> drwx------ 2 mary users 60 Mar 25 10:00 mary
>
> Sample error message from maillog during mail delivery and from a
> dsync script.
>
> Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>
> dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>
> I couldn't locate documentation or discussions on how to set the
> ownership or permissions for /dev/shm/dovecot in the Dovecot
> configuration files.
>
> As a hack, I added this to /usr/libexec/dovecot/prestartscript.
>
> ! [[ -d /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
> chown dovecot:users /dev/shm/dovecot
> chmod 770 /dev/shm/dovecot
>
> This solved the problem, but left me wondering if I missed something
> obvious or if I am setting myself up for a problem later on, like with
> a Dovecot version upgrade. I could run these commands at bootup out of
> rc.local or a systemd script rather than customizing a Dovecot
> provided script.
>
> Is there an appropriate way of doing this that I missed?
>
> TIA,
> Doug
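
Added example, not part of the original thread and not Dovecot's own code: a boot-time alternative to the prestart hack quoted above. Because /dev/shm is world-writable, it refuses to chown or chmod through a symlink or non-directory found at that path, and it takes the mode as a parameter so the sticky bit can be set (1770 is an assumption; the post used 770) to stop group members renaming or removing each other's per-user directories. The function name ensure_volatile_parent is hypothetical.

```shell
#!/bin/bash
# Added example (not Dovecot's code). Run as root at boot, before any
# mail user can log in, for instance:
#   ensure_volatile_parent /dev/shm/dovecot dovecot:users 1770

ensure_volatile_parent() {
    evp_dir=$1      # parent of the per-user VOLATILEDIR directories
    evp_owner=$2    # user:group, e.g. dovecot:users as in the post
    evp_mode=$3     # 1770 = the post's 770 plus the sticky bit (assumption)

    # /dev/shm is world-writable, so any local account may have created
    # this path first. Never chown/chmod through something unexpected.
    if [ -L "$evp_dir" ]; then
        echo "refusing: $evp_dir is a symlink" >&2
        return 1
    fi
    if [ -e "$evp_dir" ] && [ ! -d "$evp_dir" ]; then
        echo "refusing: $evp_dir exists and is not a directory" >&2
        return 1
    fi

    # Create closed (0700) so nobody can enter before ownership is set.
    if [ ! -d "$evp_dir" ]; then
        mkdir -m 0700 "$evp_dir" || return 1
    fi

    # -h acts on the path itself and does not dereference a symlink.
    chown -h "$evp_owner" "$evp_dir" || return 1
    chmod "$evp_mode" "$evp_dir" || return 1
}
```

On a systemd host the same directory can instead be declared with a tmpfiles.d `d` entry, which avoids editing a Dovecot-provided script.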