hi,
after i try to use dovecot with ldap i configure dovecot as:
------------------------
first_valid_uid = 499
last_valid_uid = 499
first_valid_gid = 499
last_valid_gid = 499
default_mail_env = maildir:/home/mail/%d/%n
auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
auth_passdb = ldap /etc/dovecot-ldap.conf
------------------------
but after this i've got the error in imap.log:
------------------------
dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed with uid 499: Permission denied
------------------------
i see the reason since each user has its own uid and uid 499 can't access to the user's home which has 0700 access right. but why dovecot would like to access the user's home? is it necessary? since in this case one static uid can be usable or this uid has to be read (write?) access to all user's home. is there any usage of static uid in this case?

yours.

-- 
Levente "Si vis pacem para bellum!"

On Wed, 2004-12-29 at 14:51 +0100, Farkas Levente wrote:
> default_mail_env = maildir:/home/mail/%d/%n
> auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
> auth_passdb = ldap /etc/dovecot-ldap.conf
> ------------------------
> but after this i've got the error in imap.log:
> ------------------------
> dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed
> with uid 499: Permission denied
> ------------------------
> i see the reason since each user has its own uid and uid 499 can't
> access to the user's home which has 0700 access right. but why dovecot
> would like to access the user's home? is it necessary? since in this
> case one static uid can be usable or this uid has to be read (write?)
> access to all user's home. is there any usage of static uid in this case?

Since you keep all the mail data in /home/mail/ instead of /home/users/, you might as well use /home/mail/%d/%n as user's home directory.

Currently home dir is used for nothing else than chdir()ing in there so core dumps can be written. In future it may optionally look for some .dovecotrc file from there.

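The check behind the `chdir()` failure discussed above, as an added example that is not part of the original thread or of Dovecot: it expands a `home=` template for a user and reports the first path component that a static uid cannot enter. The function names and the sample user name are constructed, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example; helper names are constructed and are not part of Dovecot.

# Expand %u (full user name), %n (local part) and %d (domain) in a template.
# Assumes the user name has no '|', '&' or '\' (sed replacement metacharacters).
expand_template() {
    tmpl=$1 user=$2
    n=${user%%@*}
    case $user in *@*) d=${user#*@} ;; *) d= ;; esac
    printf '%s\n' "$tmpl" | sed -e "s|%u|$user|g" -e "s|%n|$n|g" -e "s|%d|$d|g"
}

# True if UID/GID has search (x) permission on one directory, by mode bits only.
# Ignores ACLs, supplementary groups and root's override. Needs GNU stat.
searchable_by() {
    info=$(stat -c '%a %u %g' "$1") || return 2
    set -- $info "$2" "$3"          # now: mode owner group uid gid
    if [ "$4" = "$2" ]; then mask=0100
    elif [ "$5" = "$3" ]; then mask=0010
    else mask=0001
    fi
    [ $(( 0$1 & $mask )) -ne 0 ]
}

# chdir() needs search permission on the target and on every parent, so walk
# up from DIR to STOP (default /) and print the first component that fails.
first_blocker() {
    dir=$1 uid=$2 gid=$3 stop=${4:-/}
    while :; do
        searchable_by "$dir" "$uid" "$gid" || { printf '%s\n' "$dir"; return 1; }
        if [ "$dir" = "$stop" ] || [ "$dir" = / ]; then return 0; fi
        dir=$(dirname "$dir")
    done
}

# Demo with the thread's uid/gid 499; the user name is a constructed sample.
for tmpl in '/home/users/%d/%n' '/home/mail/%d/%n'; do
    home=$(expand_template "$tmpl" 'joe@example.com')
    if blocker=$(first_blocker "$home" 499 499 2>/dev/null); then
        echo "$home: uid 499 can chdir here"
    else
        echo "$home: blocked or missing at $blocker"
    fi
done
```
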
Timo Sirainen wrote:
> On Wed, 2004-12-29 at 14:51 +0100, Farkas Levente wrote:
>
>>default_mail_env = maildir:/home/mail/%d/%n
>>auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
>>auth_passdb = ldap /etc/dovecot-ldap.conf
>>------------------------
>>but after this i've got the error in imap.log:
>>------------------------
>>dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed
>>with uid 499: Permission denied
>>------------------------
>>i see the reason since each user has its own uid and uid 499 can't
>>access to the user's home which has 0700 access right. but why dovecot
>>would like to access the user's home? is it necessary? since in this
>>case one static uid can be usable or this uid has to be read (write?)
>>access to all user's home. is there any usage of static uid in this case?
>
>
> Since you keep all the mail data in /home/mail/ instead of /home/users/,
> you might as well use /home/mail/%d/%n as user's home directory.

since i'd like to separate the user's real home and its mail directory (home may be accessed by some way, but i would like to "hide" maildir directory). this means the home directory is equal with mail directory? or it only has meaning in case of mbox?

> Currently home dir is used for nothing else than chdir()ing in there so
> core dumps can be written. In future it may optionally look for
> some .dovecotrc file from there.

this means i have to share this file someway to the users to be able to edit this file? wouldn't it be better to place this file into his real home directory not under the maildir?

yours.

-- 
Levente "Si vis pacem para bellum!"

Timo Sirainen wrote:
> On Wed, 2004-12-29 at 14:51 +0100, Farkas Levente wrote:
>
>>default_mail_env = maildir:/home/mail/%d/%n
>>auth_userdb = static uid=499 gid=499 home=/home/users/%d/%n
>>auth_passdb = ldap /etc/dovecot-ldap.conf
>>------------------------
>>but after this i've got the error in imap.log:
>>------------------------
>>dovecot: Dec 29 14:39:14 Fatal: chdir(/home/users/<username>) failed
>>with uid 499: Permission denied
>>------------------------
>>i see the reason since each user has its own uid and uid 499 can't
>>access to the user's home which has 0700 access right. but why dovecot
>>would like to access the user's home? is it necessary? since in this
>>case one static uid can be usable or this uid has to be read (write?)
>>access to all user's home. is there any usage of static uid in this case?
>
>
> Since you keep all the mail data in /home/mail/ instead of /home/users/,
> you might as well use /home/mail/%d/%n as user's home directory.
>
> Currently home dir is used for nothing else than chdir()ing in there so
> core dumps can be written. In future it may optionally look for
> some .dovecotrc file from there.

i already read all the wiki and tested it. i found in the wiki (which is not documented in the example conf file) that the static user database has both mail and home param, but even if i try to set both dovecot tries to access the home. so it's clear for me that what you called home is the chroot directory. but in this case imho it should be called chroot and not home (with a comment that if the maildir is under the user's home then it can be the user's home). in this case i add a new variable %c as the chroot directory. as i read the list i found this is a very annoying naming (as it's a problem for others too), since home is used to be the user's home directory and dovecot has nothing to do with it.

anyway it'd be useful to explain in the wiki, what is:
- default_mail_env
- valid_chroot_dirs
- mail_chroot
- user database's home (home in static, homeDirectory in ldap)
- user database's mail (mail in static, MAIL env in ldap)

since it's not clear to me whether mail_chroot or user database's home is the chroot. whether default_mail_env or user database's mail is where dovecot searches for mails or they are redundant or equivalent or...?

-- 
Levente "Si vis pacem para bellum!"