[Dovecot] LDA and auth-userdb socket permissions

Timo Sirainen tss at iki.fi
Tue Aug 23 22:19:43 EEST 2011

On Tue, 2011-08-23 at 19:27 +0100, a.smith at ukgrid.net wrote:

> In my test, actually what I have is a vmail user with primary group  
> vmail and secondary group mailnull. Which as mentioned results in this  
> error:

It doesn't actually matter what groups you have assigned to vmail user.
Dovecot only enables the primary group (and not even that if you've
overridden it in config), and apparently Exim does the same too.

The supplementary groups don't automatically get enabled when process's
UID switched, it requires explicit extra code to do it. In most
installations this is just useless extra work and a potential accidental
security hole.

More information about the dovecot mailing list