[Dovecot] File/folder permission issues in 2.1.3

Christian Rößner c at roessner-network-solutions.com
Thu Mar 29 13:24:18 EEST 2012


Hi,

I figured out that Dovecot does not honor secondary groups for auth/auth-worker (??) when doing LDAP/TLS. I had to use file system ACLs to grant the user "vmail" access to /etc/ssl/private and to the corresponding key file:


doveconf -n

# 2.1.3: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-40-generic-pae i686 Ubuntu 10.04.4 LTS 
# Master-user logins are enabled (first passdb below has master = yes); this
# character separates the login user from the master user in the login name.
auth_master_user_separator = *
auth_mechanisms = plain login
auth_verbose = yes
hostname = mail.roessner-net.de
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
# The mail_* settings below apply to the mail-handling processes (imap, pop3,
# lmtp). They do not configure the auth / auth-worker services further down;
# a supplementary group listed here is presumably not inherited by those
# services -- confirm against the service settings, where supplementary groups
# are given per service with extra_groups.
mail_access_groups = vmail
mail_gid = vmail
mail_location = mdbox:~/mdbox
mail_plugins = autocreate quota acl fts fts_solr zlib mail_log notify
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
# Shared namespace: other users' mdbox homes become visible under shared/<user>/;
# what is actually readable is governed by the acl plugin (acl / acl_shared_dict).
namespace {
  list = children
  location = mdbox:%%h/mdbox
  prefix = shared/%%u/
  separator = /
  subscriptions = no
  type = shared
}
namespace inbox {
  inbox = yes
  location = 
  mailbox "Deleted Messages" {
    special_use = \Trash
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox junkmail {
    special_use = \Junk
  }
  prefix = 
  separator = /
  type = private
}
# Master users: whoever is listed in this file can log in as any user, so the
# file and its password hashes deserve the same protection as an admin account.
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
# Regular logins are verified through LDAP (settings in the .ext file).
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = file:/var/mail/virtual/shared-mailboxes.db
  autocreate = Trash
  autocreate2 = Sent
  autocreate3 = Drafts
  autocreate4 = junkmail
  autosubscribe = Trash
  autosubscribe2 = Sent
  autosubscribe3 = Drafts
  autosubscribe4 = junkmail
  fts = solr
  # Plain http to the local Solr instance; only acceptable while Solr is bound
  # to localhost, since mail text is sent over this connection.
  fts_solr = break-imap-search url=http://localhost:8080/solr/
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid size
  quota = dict:User quota::file:%h/mdbox/dovecot-quota
  quota_rule = *:storage=300M:messages=20000
  # quota-warning service (below) is invoked with the percentage and the user name.
  quota_warning = storage=95%% quota-warning 95 %u
  quota_warning2 = storage=80%% quota-warning 80 %u
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  zlib_save = gz
  zlib_save_level = 6
}
protocols = imap pop3 lmtp sieve
# auth-worker is the process that presumably runs the passdb/userdb lookups,
# i.e. the LDAP driver, which has to read tls_key_file from the .ext file.
# It is run as the mailbox owner vmail, so that key must be readable by vmail
# (here granted with a file ACL). Note the trade-off: a fault in this lookup
# path then carries vmail's access to every mailbox under mail_uid/mail_gid.
# NOTE(review): a supplementary group for this service would be set inside the
# service block (extra_groups), not via mail_access_groups -- verify this is
# the setting that was missing.
service auth-worker {
  unix_listener auth-worker {
    user = vmail
  }
  user = vmail
}
service auth {
  # 0600 owned by vmail: only processes running as vmail can query userdb
  # through this socket.
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = vmail
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
# LMTP is bound to the IPv6 loopback only; not reachable from the network.
service lmtp {
  inet_listener lmtp {
    address = ::1
    port = 24
  }
}
# The quota-warning script runs as "dovecot", not as the mailbox owner; the
# socket is owned by vmail so the mail processes can trigger it.
service quota-warning {
  executable = script /usr/local/bin/quota-warning.sh
  unix_listener quota-warning {
    user = vmail
  }
  user = dovecot
}
# "<file" reads the file content into the configuration. These are the
# server-side IMAP/POP3 certificates and key, separate from the LDAP client
# key in the .ext file; presumably read by the config/master process before
# privileges are dropped, so they need not be readable by vmail -- confirm.
ssl_ca = </ca/psw_net/SSL123_CA_Bundle.pem
ssl_cert = </ca/psw_net/mail_roessner-net_de.crt
ssl_key = </ca/psw_net/mail_roessner-net_de.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = autocreate quota acl fts fts_solr zlib mail_log notify sieve
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
  mail_max_userip_connections = 50
  mail_plugins = autocreate quota acl fts fts_solr zlib mail_log notify imap_quota imap_acl imap_zlib
}



Normally, mail is placed under /var/mail/virtual as user vmail, group vmail. Is there something wrong with my config that prevents switching to secondary groups?



/etc/dovecot/dovecot-ldap.conf.ext:


# LDAP driver settings, referenced by both the passdb and the userdb in
# dovecot.conf. Two servers are listed for failover.
uris = ldap://ldap0.roessner-net.de/ ldap://db.roessner-net.de/
# Bind with the client certificate (SASL EXTERNAL) instead of a bind DN and
# password, so no LDAP password has to be stored in this file.
sasl_bind = yes
sasl_mech = EXTERNAL
# ldap:// URIs together with tls = yes: presumably STARTTLS on the plain LDAP
# port rather than ldaps:// -- confirm against the server configuration.
tls = yes
tls_ca_cert_file = /etc/ssl/certs/ca-certificates.crt
tls_cert_file = /etc/ssl/certs/mx0.roessner-net.de.pem
# The client private key. It is read by the process running the LDAP lookups,
# which in dovecot.conf is the auth-worker service running as vmail; read
# access was granted to that one user with a file ACL instead of relaxing the
# mode of /etc/ssl/private, which keeps the key limited to the service that
# needs it.
tls_key_file = /etc/ssl/private/mx0.roessner-net.de.key.pem
# hard: the server certificate must validate against the CA bundle above,
# otherwise the connection is refused (no silent fallback to an unverified TLS
# session).
tls_require_cert = hard
base = ou=people,ou=it,dc=roessner-net,dc=de
# Quota and home directory come from per-account attributes.
user_attrs = rnsMSQuota=quota_rule=*:storage=%$,rnsMSMailboxHome=home
# %u is the login name supplied by the client; the LDAP driver presumably
# escapes it before substituting it into the filter -- confirm for this version.
user_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u))
# The password hash (userPassword) is returned to Dovecot and checked locally
# rather than verified with an LDAP bind; see default_pass_scheme below.
pass_attrs = rnsMSDeliverToAddress=user,userPassword=password
# Per-account enable flag: accounts without rnsMSEnableDovecot=TRUE cannot
# authenticate even if their password is correct.
pass_filter = (&(objectClass=rnsMSDovecotAccount)(rnsMSRecipientAddress=%u)(rnsMSEnableDovecot=TRUE))
iterate_attrs = rnsMSDovecotUser=user
iterate_filter = (objectClass=rnsMSDovecotAccount)
# Scheme assumed for userPassword values that carry no {SCHEME} prefix.
default_pass_scheme = CRYPT



Thanks in advance.

-Christian

---
Roessner-Network-Solutions
Bachelor of Science Informatik
Nahrungsberg 81, 35390 Gießen
F: +49 641 5879091, M: +49 176 93118939
USt-IdNr.: DE225643613
http://www.roessner-network-solutions.com


