rastik at tereus.eu
2011-Feb-03 06:50 UTC
[Dovecot] EUID not changing when delivering to a mailbox
Hello,

I've set up virtual mailboxes and I'm using one uid/gid pair (mail/mail) to deliver almost all messages. Some accounts I'd like to have accessible by local Linux accounts as well, so postfix is delivering them using separate uids (gid stays the same). But I run into a problem when dovecot auth correctly fetches uid/gid from MySQL database, but still uses general mail uid to access the mailbox instead of user uid.

This is what I have in dovecot log:

dovecot: auth(default): client in: AUTH 1 PLAIN service=imap secured lip=myipaddr rip=myipaddr lport=143 rport=55513
dovecot: auth(default): client out: CONT 1
dovecot: auth(default): client in: CONT<hidden>
dovecot: auth-worker(default): sql(joe at mydomain.com,myipaddr): query: SELECT CONCAT('/var/mail/', maildir) AS userdb_home, username as user, password, CONCAT('*:bytes=', quota) AS userdb_quota_rule, uid, gid FROM mailbox WHERE username = 'joe at mydomain.com' AND active = 1
dovecot: auth(default): client out: OK 1 user=joe at mydomain.com uid=1000 gid=12
dovecot: auth(default): master in: REQUEST 11 17252 1
dovecot: auth(default): prefetch(joe at mydomain.com,myipaddr): success
dovecot: auth(default): master out: USER 11 joe at mydomain.com home=/var/mail/mydomain.com/joe/ quota_rule=*:bytes=-1
dovecot: imap-login: Login: user=<joe at mydomain.com>, method=PLAIN, rip=myipaddr, lip=myipaddr, TLS
dovecot: IMAP(joe at mydomain.com): opendir(/var/mail/mydomain.com/joe/Maildir) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(joe at mydomain.com): stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(joe at mydomain.com): file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist) failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm: /var/mail/mydomain.com/joe/Maildir)
dovecot: IMAP(joe at mydomain.com): opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(joe at mydomain.com): stat(/var/mail/mydomain.com/joe/indexes/.INBOX) failed: Permission denied (euid=8(mail) egid=12(mail) missing +x perm: /var/mail/mydomain.com/joe/indexes)
dovecot: IMAP(joe at mydomain.com): file_dotlock_create(/var/mail/mydomain.com/joe/Maildir/dovecot-uidlist) failed: Permission denied (euid=8(mail) egid=12(mail) missing +w perm: /var/mail/mydomain.com/joe/Maildir)
ricola dovecot: IMAP(joe at mydomain.com): opendir(/var/mail/mydomain.com/joe/Maildir/new) failed: Permission denied (euid=8(mail) egid=12(mail) missing +r perm: /var/mail/mydomain.com/joe/Maildir/new)
dovecot: IMAP(joe at mydomain.com): Disconnected: Logged out bytes=171/775

My configuration is:

# 1.2.16: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.36-hardened-r6 x86_64 Gentoo Base System release 2.0.1 ext4
listen: *, [::]
ssl_cert_file: /etc/ssl/dovecot/server.pem
ssl_key_file: /etc/ssl/dovecot/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/libexec/dovecot/imap-login
first_valid_uid: 8
last_valid_uid: 1999
first_valid_gid: 12
last_valid_gid: 12
mail_privileged_group: mail
mail_uid: 8
mail_gid: 12
mail_location: maildir:/var/mail/%d/%n/Maildir/:INDEX=/var/mail/%d/%n/indexes
lda:
  postmaster_address: postmaster at mydomain.com
  mail_plugins: quota
auth default:
  mechanisms: plain login
  user: nobody
  verbose: yes
  debug: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: prefetch
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: mail
      group: mail

I'm not sure if I got the concept correctly, but I was expecting that dovecot will use uid from the database. I was not able to find any relevant information in the archives. If it was explained already in the past, please send me some keywords that would help me find it.

Thank you,
Rastislav Wartiak
Timo Sirainen
2011-Feb-04 17:52 UTC
[Dovecot] EUID not changing when delivering to a mailbox
On Thu, 2011-02-03 at 07:50 +0100, rastik at tereus.eu wrote:
> dovecot: auth-worker(default): sql(joe at mydomain.com,myipaddr): query:
> SELECT CONCAT('/var/mail/', maildir) AS userdb_home, username as user,
> password, CONCAT('*:bytes=', quota) AS userdb_quota_rule, uid, gid
> FROM mailbox WHERE username = 'joe at mydomain.com' AND active = 1
> dovecot: auth(default): client out: OK 1 user=joe at mydomain.com
> uid=1000 gid=12

It's returning uid and gid to login process as a reply to passdb query. They're ignored by login process.

> dovecot: auth(default): master in: REQUEST 11 17252 1
> dovecot: auth(default): prefetch(joe at mydomain.com,myipaddr): success
> dovecot: auth(default): master out: USER 11 joe at mydomain.com
> home=/var/mail/mydomain.com/joe/ quota_rule=*:bytes=-1

They should be here as a reply to userdb query. So: Prefix uid and gid with userdb_.
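
A log check built on the diagnosis in the reply above, added here as an example and not part of the original thread: it flags userdb replies (master out: USER) that carry no uid/gid, which is what left the session above running as euid=8(mail), and notes when those fields showed up only in the passdb reply (client out: OK). The function name, addresses and sample lines are constructed; real auth debug lines may separate fields with tabs, which split() also handles.

```python
import re

# Fields the userdb reply must carry for a per-user identity to be used.
IDENTITY_FIELDS = ("uid", "gid")

_CLIENT_OK = re.compile(r"auth\(\w+\): client out: OK\s+\d+\s+(.*)$")
_MASTER_USER = re.compile(r"auth\(\w+\): master out: USER\s+\d+\s+(\S+)\s*(.*)$")


def _fields(text):
    """Turn 'k1=v1 k2=v2' into a dict; tokens without '=' are skipped."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def audit_auth_log(lines):
    """Return one finding per userdb reply that lacks uid or gid."""
    passdb_extra = {}  # user -> identity fields seen in the passdb reply
    findings = []
    for line in lines:
        m = _CLIENT_OK.search(line)
        if m:
            f = _fields(m.group(1))
            if "user" in f:
                passdb_extra[f["user"]] = [k for k in IDENTITY_FIELDS if k in f]
            continue
        m = _MASTER_USER.search(line)
        if m:
            user, f = m.group(1), _fields(m.group(2))
            missing = [k for k in IDENTITY_FIELDS if k not in f]
            if missing:
                findings.append({
                    "user": user,
                    "missing": missing,
                    # Present in the passdb reply only: alias lacks userdb_
                    "needs_userdb_prefix": [k for k in missing
                                            if k in passdb_extra.get(user, [])],
                })
    return findings


# Constructed sample lines modelled on the log in the first post.
SAMPLE = [
    "dovecot: auth(default): client out: OK 1 user=joe@example.com uid=1000 gid=12",
    "dovecot: auth(default): master out: USER 11 joe@example.com home=/var/mail/example.com/joe/ quota_rule=*:bytes=-1",
    "dovecot: auth(default): client out: OK 2 user=ann@example.com",
    "dovecot: auth(default): master out: USER 12 ann@example.com home=/var/mail/example.com/ann/ uid=1001 gid=12",
]

if __name__ == "__main__":
    for finding in audit_auth_log(SAMPLE):
        print(finding)
```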