Permissions and ownership on /dev/shm/dovecot

João Silva joaopfmlist at lipc.fis.uc.pt
Fri Mar 25 15:46:42 UTC 2022


I'm not sure about that configuration.

I have seen huge index cache files for users with lots of mail, putting 
those in memory may be a risk.


On 25/03/2022 14:56, doug wrote:
> Hi,
>
> Environment: Dovecot 2.3.18 running on CentOS 7, mdbox, LDAP users
>
> I'm in the process of moving my mailboxes to NFS and moving with lock 
> and index files in temp storage following instructions from 
> https://doc.dovecot.org/configuration_manual/nfs.
>
> I set mail_location as:
>
>     mail_location =
>     mdbox:/mailstore/%u/mail:VOLATILEDIR=/dev/shm/dovecot/%u:LISTINDEX=/dev/shm/dovecot/%u/dovecot.list.index
>
> What I discovered is /dev/shm/dovecot is created by the initial user 
> who accesses their mail from a client, and with permissions 700.  This 
> prevents subsequent users from creating their own index and lock files.
>
>     # ls -l /dev/shm/dovecot
>     total 0
>     drwx------ 2 mary users 60 Mar 25 10:00 mary
>
> Sample error message from maillog during mail delivery and from a 
> dsync script.
>
>     Mar 25 10:37:15 mailsrv1 dovecot: imap(doug)<19284><WKcX5gvbRe7AqFhA>: Error: mkdir(/dev/shm/dovecot/doug) failed: Permission denied (euid=1002(doug) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>
>     dsync(test): Error: mkdir(/dev/shm/dovecot/test) failed: Permission denied (euid=2003(test) egid=100(users) missing +x perm: /dev/shm/dovecot, dir owned by 97:100 mode=0700)
>
> I couldn't locate documentation or discussions on how to set the 
> ownership or permissions for /dev/shm/dovecot in the Dovecot 
> configuration files.
>
> As a hack, I added this to /usr/libexec/dovecot/prestartscript.
>
>     ! [[ -d  /dev/shm/dovecot ]] && mkdir /dev/shm/dovecot
>     chown dovecot:users /dev/shm/dovecot
>     chmod 770 /dev/shm/dovecot
>
> This solved the problem, but left me wondering if I missed something 
> obvious or if I am setting myself up for a problem later on, like with 
> a Dovecot version upgrade. I could run these commands at bootup out of 
> rc.local or a systemd script rather than customizing a Dovecot 
> provided script.
>
> Is there an appropriate way of doing this that I missed?
>
> TIA,
> Doug
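One way to make the prestartscript hack quoted above idempotent and safer to run at every start, as an added example that is not Doug's script and not code from the Dovecot project. It assumes the same path and ownership as the thread (/dev/shm/dovecot, dovecot:users) but uses mode 1770 instead of 770: the added sticky bit means one user cannot rename or remove another user's per-user directory inside the shared parent. The `install -d` call, the symlink refusal and the `apply` argument are likewise assumptions of this example, not anything the thread or the Dovecot documentation states.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Dovecot project.
# Assumptions: the shared parent is /dev/shm/dovecot, it should be owned by
# dovecot:users (as in the quoted hack) and carry mode 1770, i.e. the 770
# from the thread plus the sticky bit so one user cannot rename or remove
# another user's per-user directory inside it.

# check_shared_dir DIR MODE
# Succeeds only if DIR is a real directory (not a symlink) whose permission
# bits are exactly MODE. Usable on its own as a health check: a 0700
# directory here is the state that produced the "missing +x perm" errors
# quoted in the thread.
check_shared_dir() {
    local dir=$1 mode=$2
    [ ! -L "$dir" ] && [ -d "$dir" ] || return 1
    # -perm MODE (no leading - or /) is an exact match on GNU and BSD find.
    [ -n "$(find "$dir" -maxdepth 0 -perm "$mode")" ]
}

# ensure_shared_dir DIR MODE [OWNER GROUP]
# Idempotent: creates DIR with MODE (and ownership, when given) in a single
# install(1) call, so it never exists with a umask-derived mode; if DIR is
# already there, corrects mode and ownership in place. Refuses to touch a
# symlink: /dev/shm is world-writable, so chown/chmod must never follow a
# link that someone else placed at the expected path.
ensure_shared_dir() {
    local dir=$1 mode=$2 owner=${3:-} group=${4:-}
    if [ -L "$dir" ]; then
        echo "ensure_shared_dir: refusing to operate on symlink $dir" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        if [ -n "$owner" ]; then
            install -d -m "$mode" -o "$owner" -g "$group" "$dir" || return 1
        else
            install -d -m "$mode" "$dir" || return 1
        fi
    else
        chmod "$mode" "$dir" || return 1
        if [ -n "$owner" ]; then
            chown "$owner:$group" "$dir" || return 1
        fi
    fi
    check_shared_dir "$dir" "$mode"
}

# Sourced without arguments the functions are only defined. Run as root
# with the argument "apply" (for example from a systemd unit that Dovecot's
# unit is ordered after) to create or repair the real directory.
case "${1:-}" in
    apply) ensure_shared_dir /dev/shm/dovecot 1770 dovecot users ;;
esac
```

Running `check_shared_dir /dev/shm/dovecot 1770` from a monitoring hook catches the 0700 parent before users hit the mkdir errors shown in the log lines. On a systemd host the creation step can also be expressed as a tmpfiles.d line (`d /dev/shm/dovecot 1770 dovecot users -`), which avoids editing the Dovecot-provided prestartscript that a package upgrade may overwrite.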