Hi,
I use Debian Squeeze and the sources from Stephan Bosch. A few weeks ago I
upgraded from 2.0.11 to 2.0.13 and got an error
May 29 20:01:53 mailserver dovecot: dict: Error: Can't open configuration file /etc/dovecot/dovecot-dict-sql.conf.ext: Permission denied
May 29 20:01:53 mailserver dovecot: dict: Error: Failed to initialize dictionary 'quota'
and I could see that /etc/dovecot/dovecot-dict-sql.conf.ext is owned by
root:root with 600. After changing to root:root 644 all works, but after each
upgrade all files in /etc/dovecot will be set to 600.
Is it a problem of the dovecot package or should I do some changes to config to
allow dovecot to read the dict file?
Here is my config:
# 2.0.13 (9ae30e5d6935): /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-xen-amd64 x86_64 Debian 6.0.1 ext3
auth_mechanisms = plain login cram-md5
dict {
  quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
}
first_valid_uid = 106
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_location = maildir:/var/mail/%d/%u
mail_plugins = quota
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  autocreate = Sent Messages
  autocreate2 = Deleted Messages
  autocreate3 = Drafts
  autosubscribe = Sent Messages
  autosubscribe2 = Deleted Messages
  autosubscribe3 = Drafts
  quota = dict:User quota::proxy::quota
  quota_rule2 = Deleted Messages:storage=+1GB
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service dict {
  unix_listener dict {
    group = mail
    mode = 0660
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/ssl/certs/mailserver-cert.pem
ssl_key = </etc/ssl/private/mailserver-key.pem
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
protocol lmtp {
  mail_plugins = quota
}
protocol imap {
  mail_plugins = quota imap_quota autocreate
}
local_name mailserver.makomi.de {
  ssl_cert = </etc/ssl/certs/mailserver1-cert.pem
  ssl_key = </etc/ssl/private/mailserver1-key.pem
}
local_name mailserver.kokoma.de {
  ssl_cert = </etc/ssl/certs/mailserver2-cert.pem
  ssl_key = </etc/ssl/private/mailserver2-key.pem
}
local_name mailserver.grooveb.de {
  ssl_cert = </etc/ssl/certs/mailserver3-cert.pem
  ssl_key = </etc/ssl/private/mailserver3-key.pem
}
local_name mailserver.koehler-gohlis.de {
  ssl_cert = </etc/ssl/certs/mailserver4-cert.pem
  ssl_key = </etc/ssl/private/mailserver4-key.pem
}
local_name mailserver.koehler-schroeder.de {
  ssl_cert = </etc/ssl/certs/mailserver5-cert.pem
  ssl_key = </etc/ssl/private/mailserver5-key.pem
}
Greetings,
Michael

On Sun, 2011-06-05 at 22:02 +0200, Michael Köhler wrote:
> I use Debian Squeeze and the sources from Stephan Bosch. A few weeks ago I've upgraded from 2.0.11 to 2.0.13 and got an error

Well, I haven't done any changes..

> May 29 20:01:53 mailserver dovecot: dict: Error: Can't open configuration file /etc/dovecot/dovecot-dict-sql.conf.ext: Permission denied

With the current design this config file is opened late after dropping privileges.

> and I could see that /etc/dovecot/dovecot-dict-sql.conf.ext is owning by root:root with 600. After changing to root:root 644 all works, but after each upgrade all files in /etc/dovecot will be set to 600.

This config file contains sql password, so it shouldn't be world-readable. Maybe it should be root:dovecot 640, because "dict" process runs as dovecot user by default (and I'd guess dovecot group).
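
The permission trade-off discussed in the reply above (600 locks out the dict process after it drops privileges, 644 exposes the SQL password to every local user, 640 with the service's group does neither), as an added shell check that is not part of the original thread. The function name check_secret_conf, its return codes and the default group "dovecot" are assumptions for illustration; it needs GNU stat.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a config file holding an SQL
# password: it must not be world-accessible, yet the group the dict process
# runs under must be able to read it. Needs GNU stat (Linux).
# Assumptions: function name, return codes, default group "dovecot".

# check_secret_conf FILE [GROUP]
# returns 0 = ok, 1 = world-accessible, 2 = service group cannot read
# (the "Permission denied" case in the log), 3 = file missing
check_secret_conf() {
    file=$1
    group=${2:-dovecot}
    if [ ! -e "$file" ]; then
        echo "MISSING  $file"
        return 3
    fi
    mode=$(stat -c '%a' "$file")        # octal mode, e.g. 640
    fgroup=$(stat -c '%G' "$file")      # owning group name
    other_bits=$(( 0$mode & 7 ))        # permission bits for "other"
    group_bits=$(( (0$mode >> 3) & 7 )) # permission bits for the group
    if [ "$other_bits" -ne 0 ]; then
        echo "EXPOSED  $file mode $mode: accessible to every local user"
        return 1
    fi
    if [ "$fgroup" != "$group" ] || [ $(( group_bits & 4 )) -eq 0 ]; then
        echo "BLOCKED  $file $fgroup/$mode: group $group cannot read it"
        return 2
    fi
    echo "OK       $file $fgroup/$mode"
    return 0
}

# Usage on the server from the thread (run as root):
#   check_secret_conf /etc/dovecot/dovecot-dict-sql.conf.ext dovecot
```

Running it after each package upgrade shows whether the files were reset to 600 before the dict process fails at runtime.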