Hi..

I'm still trying to upgrade to 2.0.
I'm getting:
dovecot: lda: Error: userdb lookup:
connect(/var/run/dovecot/auth-userdb) failed: Permission denied
(euid=10000(vmail) egid=10000(vmail) missing +r perm:
/var/run/dovecot/auth-userdb, euid is not dir owner)

The error is correct because it's owned by root. My question is: who should own it?
I'm not sure how that works; what process/user calls the auth-userdb?
The auth-userdb returns the args generated in master.conf, right?

I think commenting out the user and group setting in master.conf will fix
it, but I'm not sure if that is the securest way.

The mails come from postfix via dovecot-lda.

Hans

master.conf
service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    mode = 0600
    #user = vmail
    #group = vmail
  }

auth-ldap.conf.ext
passdb {
  driver = ldap
  args = /etc/dovecot/dovecot-ldap.conf.ext
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/ mail=/home/MAILBOXES/%u/mail
}

On 31-8-2010 2:13, spamvoll at googlemail.com wrote:
> Hi..
>
> I'm still trying to upgrade to 2.0.
> I'm getting:
> dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)
>
> The error is correct because it's owned by root. My question is: who should own it?
> I'm not sure how that works; what process/user calls the auth-userdb?
> The auth-userdb returns the args generated in master.conf, right?
>
> I think commenting out the user and group setting in master.conf will fix
> it, but I'm not sure if that is the securest way.
>
> The mails come from postfix via dovecot-lda.
>
> Hans
>
> master.conf
> service auth {
>   # auth_socket_path points to this userdb socket by default. It's typically
>   # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
>   # permissions make it readable only by root, but you may need to relax these
>   # permissions. Users that have access to this socket are able to get a list
>   # of all usernames and get results of everyone's userdb lookups.
>   unix_listener auth-userdb {
>     mode = 0600
>     #user = vmail
>     #group = vmail
>   }
>
> auth-ldap.conf.ext
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap.conf.ext
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/
>   mail=/home/MAILBOXES/%u/mail
> }

Had more or less the same fight with 1.2.9. I had to change auth user to the group 'shadow' (if /etc/shadow is owned by group shadow). Or run auth under the default user 'root'.
In your case it has to do with the passdb and/or userdb you use. In my case I had the problems with local users via pam.

HTH
Egbert Jan

On Tue, 2010-08-31 at 02:13 +0200, spamvoll at googlemail.com wrote:
> Hi..
>
> I'm still trying to upgrade to 2.0.
> I'm getting:
> dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)

You're calling dovecot-lda as the user vmail:vmail, probably from your MTA. Probably it's not being called by anyone else.

> service auth {
>   # auth_socket_path points to this userdb socket by default. It's typically
>   # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
>   # permissions make it readable only by root, but you may need to relax these
>   # permissions. Users that have access to this socket are able to get a list
>   # of all usernames and get results of everyone's userdb lookups.
>   unix_listener auth-userdb {
>     mode = 0600
>     #user = vmail
>     #group = vmail

Comment out the user/group lines above and that should work fine.

<spamvoll <at> googlemail.com> writes:
>
> Hi..
>
> I'm still trying to upgrade to 2.0.
> I'm getting:
> dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=10000(vmail) egid=10000(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)
>
> The error is correct because it's owned by root. My question is: who should own it?
> I'm not sure how that works; what process/user calls the auth-userdb?
> The auth-userdb returns the args generated in master.conf, right?
>
> I think commenting out the user and group setting in master.conf will fix
> it, but I'm not sure if that is the securest way.
>
> The mails come from postfix via dovecot-lda.
>
> Hans
>
> master.conf
> service auth {
>   # auth_socket_path points to this userdb socket by default. It's typically
>   # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
>   # permissions make it readable only by root, but you may need to relax these
>   # permissions. Users that have access to this socket are able to get a list
>   # of all usernames and get results of everyone's userdb lookups.
>   unix_listener auth-userdb {
>     mode = 0600
>     #user = vmail
>     #group = vmail
>   }
>
> auth-ldap.conf.ext
> passdb {
>   driver = ldap
>   args = /etc/dovecot/dovecot-ldap.conf.ext
> }
> userdb {
>   driver = static
>   args = uid=vmail gid=vmail home=/home/MAILBOXES/%u/
>   mail=/home/MAILBOXES/%u/mail
> }
>
>

Hi all,

I was getting the same errors. It took me 2 days to understand what it was saying to me, but I finally solved it.

If you do an

ls -l /var/run/dovecot/auth-userdb

you will see that root is the owner and the permissions are srw--------, so vmail has no right to call or even use the process.

What I did was a

chown -R vmail:vmail /var/run/dovecot/auth-userdb

I also did a

chmod g+r /var/run/dovecot/auth-userdb

ls -l /var/run/dovecot/auth-userdb
srw----r-- 1 vmail vmail

my

unix_listener auth-userdb {
  mode = 600
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-userdb
  log_path = /home/vmail/dovecot-deliver.log
}

That worked for me.

1. I haven't restarted the dovecot service; don't know if it will keep the settings.
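
An added check, not written by any poster in this thread: it evaluates the three socket states that appear above (root-owned 0600, the chown/chmod result srw----r--, and vmail-owned 0600) for the uid 10000 from the error message. The function names are illustrative, and requiring both read and write permission for a connect is an assumption.

```python
import os
import pwd
import stat


def applicable_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return (class, rwx bits) the kernel applies to this uid and gid set."""
    if uid == owner_uid:
        return "owner", (mode >> 6) & 0o7
    if owner_gid in gids:
        return "group", (mode >> 3) & 0o7
    return "other", mode & 0o7


def audit_socket(mode, owner_uid, owner_gid, uid, gids):
    """List problems with a userdb socket as seen by the delivery user."""
    findings = []
    cls, bits = applicable_bits(mode, owner_uid, owner_gid, uid, gids)
    # Assumption: require read and write. Linux needs write to connect(),
    # and the error quoted in this thread complains about read.
    if uid != 0 and (bits & 0o6) != 0o6:
        findings.append(f"uid {uid} cannot connect: {cls} bits are {bits:o}")
    # Anyone who can use this socket can list users and read userdb results.
    if mode & 0o007:
        findings.append(f"mode {mode & 0o777:04o} grants bits to every local user")
    return findings


def audit_path(path, username):
    """Audit a socket on disk for a named local account."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    pw = pwd.getpwnam(username)
    gids = set(os.getgrouplist(username, pw.pw_gid))
    return audit_socket(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                        pw.pw_uid, gids)


if __name__ == "__main__":
    VMAIL = 10000  # uid/gid taken from the error message in this thread
    states = {  # constructed from the states described in the thread
        "root:root 0600": (0o600, 0, 0),
        "vmail:vmail srw----r--": (0o604, VMAIL, VMAIL),
        "vmail:vmail 0600": (0o600, VMAIL, VMAIL),
    }
    for name, (mode, uid, gid) in states.items():
        print(name, "->", audit_socket(mode, uid, gid, VMAIL, {VMAIL}) or "ok")
```

On a live system, audit_path("/var/run/dovecot/auth-userdb", "vmail") runs the same checks against the real socket and account.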