[Dovecot] Maildir permissions and Solr re-indexing
Michael Welsh Duggan
mwd at md5i.com
Thu Aug 1 04:07:48 EEST 2013
Joseph Tam <jtam.home at gmail.com> writes:
> Michael Welsh Duggan writes:
>
>> All the files in my Maildir are owned by md5i:mail (I am md5i), and have
>> 660 permissions. All directories have the same user:group permissions,
>> and 770 with the setguid bit set. (That last may not be necessary, but
>> ...
>>
>> doveadm(md5i): Error:
>> fchown(/home/md5i/Maildir/.mail.test/dovecot.index.log.newlock,
>> group=8(mail)) failed: Operation not permitted (egid=1000(md5i),
>> group based on /home/md5i/Maildir/.mail.test - see
>> http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
>>
>> After this, each directory has a dovecot.index.log with md5i:md5i 600
>> permissions.
>
> I think the cause is clear enough: you (user=md5i/uid=1000) are not
> part of group mail (gid=8), so the dovecot user process doing things on
> your behalf cannot create index files that are analogous to the mailbox
> it's indexing.
>
> You can either
>
> 1) add "md5i" to group mail
> 2) remove g+w permission on your mail files (making group
> membership irrelevant)
> 3) fiddle with "mail_privileged_group = mail", but I'm a little
> hazy on all the ramifications of this.
>
> I don't know your particular circumstances, so I don't know which
> is best. If (big if) nothing on your system (particularly the MTA)
> requires access to your mail spool files by running as group=mail,
> probably 2) is your best option.

Thank you. 2) did the trick, and I think I understand how this works
now.
--
Michael Welsh Duggan
(md5i at md5i.com)
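
Added example, not part of the original thread and not Dovecot code: a Python check for the condition diagnosed above, listing Maildir entries that are group-writable but owned by a group the user does not belong to, plus a helper that applies option 2. The function names, the default `~/Maildir` path and the use of the group-write bit as the test are assumptions taken from the reply, not Dovecot's own permission logic.

```python
import os
import stat
import sys


def user_gids():
    """Effective gid plus supplementary groups of the calling process."""
    return {os.getegid(), *os.getgroups()}


def _check(path, member_gids, findings):
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return  # symlink permission bits are not meaningful
    # Assumed condition (from the reply): g+w set, group not one of ours.
    if st.st_mode & stat.S_IWGRP and st.st_gid not in member_gids:
        findings.append((path, st.st_gid, stat.S_IMODE(st.st_mode)))


def group_mismatches(root, member_gids):
    """Return (path, gid, mode) for the root and every entry below it
    that is group-writable but owned by a group outside member_gids."""
    findings = []
    _check(root, member_gids, findings)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            _check(os.path.join(dirpath, name), member_gids, findings)
    return findings


def drop_group_write(findings):
    """Option 2 from the reply: clear g+w on each flagged entry."""
    for path, _gid, mode in findings:
        os.chmod(path, mode & ~stat.S_IWGRP)


if __name__ == "__main__":
    # Report only; call drop_group_write() explicitly to change anything.
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Maildir")
    for path, gid, mode in group_mismatches(root, user_gids()):
        print(f"{oct(mode)} gid={gid} {path}")
```

Run it as the mailbox owner, since the result depends on that user's group memberships. Before clearing g+w, confirm that nothing else on the system (the MTA in particular) needs group write access, as the reply cautions.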