It would be nice if there were a wiki page specifically describing how permissions should be set for all of the services/directories that dovecot uses.
Even better would be a dovecot/doveconf command that would test the permissions and, if possible, even fix them (like the postfix 'set-permissions' command)...
On 2012-06-22 11:46 AM, robert coore <robertcoore@yahoo.com> wrote:
<spamvoll<at> googlemail.com> writes:
Hi..
I'm still trying to upgrade to 2.0. I'm getting:
dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=10000(vmail) egid=10000(vmail) missing +r perm: /var/run/dovecot/auth-userdb, euid is not dir owner)
The error is correct because it's owned by root. My question is: who should own it?
I'm not sure how that works; what process/user calls the auth-userdb? The auth-userdb returns the args generated in master.conf, right?
I think commenting out the user and group settings in master.conf will fix it, but I'm not sure if that is the most secure way.
The mails come from postfix via dovecot-lda.
Hans
master.conf

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    mode = 0600
    #user = vmail
    #group = vmail
  }
}

auth-ldap.conf.ext

passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail
}
Hi all, I was getting the same errors. It took me 2 days to understand what it was saying to me, but I finally solved it.
If you do an
  ls -l /var/run/dovecot/auth-userdb
you will see that root is the owner and the permissions are srw--------, so vmail has no right to call or even use the process. What I did was a
  chown -R vmail:vmail /var/run/dovecot/auth-userdb
I also did a
  chmod g+r /var/run/dovecot/auth-userdb
  ls -l /var/run/dovecot/auth-userdb
  srw----r-- 1 vmail vmail
my
unix_listener auth-userdb {
  mode = 600
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-userdb
  log_path = /home/vmail/dovecot-deliver.log
}
That worked for me.
- Haven't restarted the dovecot service; don't know if it will keep the settings.
--
Best regards,
Charles Marcus I.T. Director Media Brokers International, Inc. 678.514.6200 x224 | 678.514.6299 fax
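
A permission check of the kind wished for at the top of this message, as an added example that is not part of the thread and not a Dovecot tool. The names audit_socket and make_test_socket are hypothetical, the sample socket is constructed in a temporary directory, only the client's primary gid is considered, and the client is assumed to need both read and write on the socket.

```python
import os
import socket
import stat
import tempfile

def audit_socket(path, client_uid, client_gid):
    """Return findings for an auth socket; an empty list means it looks sane."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return [f"{path}: missing (is dovecot running?)"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a unix socket"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    # Anyone who can use this socket can list usernames and userdb results,
    # so any bit in the "other" triplet is reported.
    if mode & 0o007:
        findings.append(f"{path}: mode {mode:04o} opens the socket to all local users")
    # Select the permission triplet that applies to the client (primary gid only).
    if st.st_uid == client_uid:
        bits = (mode >> 6) & 7
    elif st.st_gid == client_gid:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    if bits & 6 != 6:  # assumption: the client needs both read and write
        findings.append(
            f"{path}: uid {client_uid} lacks rw "
            f"(owner {st.st_uid}:{st.st_gid}, mode {mode:04o})")
    return findings

def make_test_socket(directory, mode):
    """Constructed sample: bind a throwaway unix socket with the given mode."""
    path = os.path.join(directory, "auth-userdb")
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    sock.bind(path)
    os.chmod(path, mode)
    return path, sock

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        path, sock = make_test_socket(d, 0o600)
        st = os.lstat(path)
        print("owner, 0600:", audit_socket(path, st.st_uid, st.st_gid))
        print("other uid, 0600:", audit_socket(path, st.st_uid + 1, st.st_gid + 1))
        os.chmod(path, 0o604)
        print("owner, 0604:", audit_socket(path, st.st_uid, st.st_gid))
```

Against a live system the call would be audit_socket("/var/run/dovecot/auth-userdb", 10000, 10000), using the vmail uid and gid from the error message quoted above.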