Rich Winkel
2007-Sep-26 00:19 UTC
[Dovecot] deliver net_connect auth-master failed: Permission denied
Ok, I've ALMOST got this working ... I can run deliver as a user, but when
I try using it as the default delivery agent from sendmail, I get
deliver(userid): net_connect(/var/run/dovecot/auth-master) failed: Permission
denied
Does deliver run as root, as the recipient's ID, sendmail's ID or
sendmail's GID? (I'm running freebsd)
Or am I totally clueless ??
Here is dovecot -n:
# 1.0.3: /usr/local/etc/dovecot.conf
base_dir: /var/run/dovecot/
listen: localhost:996
ssl_disable: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
login_greeting_capability: yes
first_valid_uid: 100
mail_extra_groups: mail
mail_location:
mbox:~/mail:INBOX=/var/mail/%u:INDEX=/var/spool/dovecot_indexes/%u
lock_method: flock
mbox_read_locks: flock
mbox_write_locks: flock
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/run/dovecot/auth-client
      mode: 432
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
Thanks!!!!!
Rich
Bill Cole
2007-Sep-26 01:07 UTC
[Dovecot] deliver net_connect auth-master failed: Permission denied
At 7:19 PM -0500 9/25/07, Rich Winkel imposed structure on a stream of electrons, yielding:
>Ok, I've ALMOST got this working ... I can run deliver as a user, but when
>I try using it as the default delivery agent from sendmail, I get
>deliver(userid): net_connect(/var/run/dovecot/auth-master) failed:
>Permission denied
>
>Does deliver run as root, as the recipient's ID, sendmail's ID or
>sendmail's GID? (I'm running freebsd)

Ideally, it should run SUID+SGID to a user and group that exist to make mail delivery permissions work. See http://wiki.dovecot.org/LDA/Sendmail and http://wiki.dovecot.org/LDA

The key bit is on the main LDA page where it describes the master socket config and on the Sendmail page where it discusses 'non-root' sendmail setups, which is really applicable to all common setups of modern Sendmail.

>Or am I totally clueless ??

Well, the Mizzou address argues one way, but I'll give you the benefit of the doubt and say maybe not... :)

The bottom line: make up a user and group to own the master socket, structure your inbox permissions so that deliver can run that way and write to them, and make deliver SUID/SGID. Structuring inbox permissions so that can work is a potentially complex problem.

>Here is dovecot -n:
>
># 1.0.3: /usr/local/etc/dovecot.conf
>base_dir: /var/run/dovecot/
>listen: localhost:996
>ssl_disable: yes
>login_dir: /var/run/dovecot/login
>login_executable: /usr/local/libexec/dovecot/imap-login
>login_greeting_capability: yes
>first_valid_uid: 100
>mail_extra_groups: mail
>mail_location:
>mbox:~/mail:INBOX=/var/mail/%u:INDEX=/var/spool/dovecot_indexes/%u
>lock_method: flock
>mbox_read_locks: flock
>mbox_write_locks: flock
>auth default:
>  passdb:
>    driver: pam
>  userdb:
>    driver: passwd
>  socket:
>    type: listen
>    client:
>      path: /var/run/dovecot/auth-client
>      mode: 432
>    master:
>      path: /var/run/dovecot/auth-master
>      mode: 432
>
>Thanks!!!!!
>Rich

-- 
Bill Cole
bill at scconsult.com
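Added example, not part of the thread and not Dovecot code: a small Python check of which effective uid/gid can connect to auth-master, given the `mode: 432` shown by `dovecot -n` above. It assumes that value is printed in decimal (432 is 0660 octal) and that connect() needs write permission on the socket file; the socket owner and all uid/gid numbers below are constructed, since the thread does not show them.

```python
import os
import stat


def socket_access(mode_decimal, owner_uid, owner_gid, euid, gids):
    """Return (permission class, connect allowed?) for a UNIX socket.

    mode_decimal is the value as dovecot -n prints it (432 == 0o660).
    euid/gids are the *effective* ids of deliver, which is what matters
    once the binary is SUID/SGID. Directory search permission along the
    socket path is not modelled here.
    """
    mode = int(mode_decimal)
    if euid == 0:                      # root bypasses the mode bits
        return "root", True
    if euid == owner_uid:
        return "owner", bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return "group", bool(mode & stat.S_IWGRP)
    return "other", bool(mode & stat.S_IWOTH)


def check_path(path, euid, gids):
    """Same check against a live socket, using its real owner and mode."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a socket")
    return socket_access(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                         euid, gids)


if __name__ == "__main__":
    MODE = 432                         # from the dovecot -n output above
    print("mode 432 decimal =", oct(MODE))
    # Constructed ids: socket owned by root:wheel (0:0), recipient is
    # uid 1001 in groups 1001 and 6; "lda" (uid/gid 143) is hypothetical.
    cases = {
        "deliver as recipient, socket root:wheel":
            socket_access(MODE, 0, 0, 1001, [1001, 6]),
        "deliver SGID lda, socket root:lda":
            socket_access(MODE, 0, 143, 1001, [143, 1001]),
        "deliver SUID+SGID lda, socket lda:lda":
            socket_access(MODE, 143, 143, 143, [143]),
    }
    for label, (cls, ok) in cases.items():
        print(f"{label}: class={cls} connect={'ok' if ok else 'EACCES'}")
```

On a running system, `check_path("/var/run/dovecot/auth-master", os.geteuid(), os.getgroups())` applies the same logic to the real socket for the account running the script.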