Mark Sapiro
2008-May-07 15:51 UTC
[Dovecot] Clarification wanted on mail_access_groups vs. mail_privileged_group
I have just upgraded to dovecot 1.0.13. All the documentation I can find in the example .conf file and the NEWS and ChangeLog files seems to say that the mail_privileged_group = mail setting is all I should need to make dovecot use group mail to create dotlock files.

My understanding from what I read is that mail_privileged_group is used to set the group used while creating dotlock files in (in my case) /var/spool/mail, and mail_access_groups is used to set the group used to actually access the mailbox.

In my case, /var/spool/mail is group 'mail' and group writable/searchable

drwxrwxr-x 2 root mail 4096 May 7 08:35 /var/spool/mail

and the individual mailboxes are owned by the respective users.

So it seems that I would need "mail_privileged_group = mail" to be able to create dotlock files in /var/spool/mail, and that I would not need any mail_access_groups as the users can access their own mailboxes.

But this doesn't work. With "mail_privileged_group = mail" and mail_access_groups unset, I get

May 6 12:48:54 sbh16 dovecot: POP3(xxx): file_lock_dotlock() failed with mbox file /var/spool/mail/xxx: Permission denied

Yet with "mail_access_groups = mail" and mail_privileged_group unset, it works with no problem.

Is my understanding wrong? Is the documentation wrong? Is the implementation wrong? Or is there just something weird in my case (possibly pop3_lock_session = yes)?
# dovecot -n
# 1.0.13: /usr/local/etc/dovecot.conf
protocols: pop3 pop3s
ssl_cert_file: /etc/postfix/grizz-cert.pem
ssl_key_file: /etc/postfix/grizz-key.pem
login_dir: /usr/local/var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/pop3-login
mail_access_groups: mail
mail_location: /var/spool/mail/%u
mbox_write_locks: fcntl dotlock
mail_executable: /usr/local/libexec/dovecot/pop3
mail_plugin_dir: /usr/local/lib/dovecot/pop3
pop3_lock_session: yes
pop3_uidl_format: %08Xu%08Xv
auth default:
  mechanisms: plain apop login
  worker_max_count: 5
  passdb:
    driver: passwd-file
    args: /usr/local/etc/dovecot.passwd
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix

--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
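
The permission question raised in the message above, modelled as an added example (not part of the thread and not Dovecot code): it applies the standard POSIX directory check to the `ls -ld` line quoted there to show when a process running as the mailbox owner may create a dotlock file in /var/spool/mail. The numeric uid/gid values are constructed assumptions; only the names root, mail and xxx come from the thread.

```python
import stat

# Constructed numeric ids (assumption); names are the ones in the thread.
UIDS = {"root": 0, "xxx": 1001}
GIDS = {"root": 0, "mail": 12, "xxx": 1001}

# Spool directory listing as quoted in the message.
SPOOL_LS = "drwxrwxr-x 2 root mail 4096 May 7 08:35 /var/spool/mail"

PERM_FLAGS = [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
              stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
              stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]

def parse_ls_line(ls_line):
    """Return (permission_bits, owner_uid, group_gid) from an `ls -ld` line."""
    fields = ls_line.split()
    perms, owner, group = fields[0], fields[2], fields[3]
    bits = 0
    for ch, flag in zip(perms[1:10], PERM_FLAGS):
        # '-' means the bit is off; 'S'/'T' mean setid/sticky without execute.
        if ch not in "-ST":
            bits |= flag
    return bits, UIDS[owner], GIDS[group]

def can_create_in_dir(mode, dir_uid, dir_gid, euid, egid, supp_gids=()):
    """Creating a file needs write AND search permission on the directory.

    POSIX picks exactly one class (owner, else group, else other); a denied
    owner or group class does not fall through to 'other'.
    """
    if euid == 0:
        return True  # root bypasses discretionary access checks
    if euid == dir_uid:
        w, x = stat.S_IWUSR, stat.S_IXUSR
    elif dir_gid == egid or dir_gid in supp_gids:
        w, x = stat.S_IWGRP, stat.S_IXGRP
    else:
        w, x = stat.S_IWOTH, stat.S_IXOTH
    return bool(mode & w) and bool(mode & x)

def dotlock_cases():
    """Evaluate dotlock creation for user xxx with and without group mail."""
    mode, d_uid, d_gid = parse_ls_line(SPOOL_LS)
    u, g, m = UIDS["xxx"], GIDS["xxx"], GIDS["mail"]
    return {
        "no mail group": can_create_in_dir(mode, d_uid, d_gid, u, g),
        "mail as supplementary group": can_create_in_dir(mode, d_uid, d_gid, u, g, (m,)),
        "mail as effective gid": can_create_in_dir(mode, d_uid, d_gid, u, m),
    }
```

The "no mail group" case is the one that corresponds to the "Permission denied" in the quoted log line; which Dovecot setting puts the process in which of the other two cases is not something this model decides.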
Timo Sirainen
2008-May-07 19:32 UTC
[Dovecot] Clarification wanted on mail_access_groups vs. mail_privileged_group
On Wed, 2008-05-07 at 08:51 -0700, Mark Sapiro wrote:
> But this doesn't work. With "mail_privileged_group = mail" and
> mail_access_groups unset, I get
>
> May 6 12:48:54 sbh16 dovecot: POP3(xxx): file_lock_dotlock() failed
> with mbox file /var/spool/mail/xxx: Permission denied

It should have worked. What OS do you use?
Mark Sapiro
2008-May-07 19:48 UTC
[Dovecot] Clarification wanted on mail_access_groups vs. mail_privileged_group
Timo Sirainen wrote:
>
>On Wed, 2008-05-07 at 08:51 -0700, Mark Sapiro wrote:
>> But this doesn't work. With "mail_privileged_group = mail" and
>> mail_access_groups unset, I get
>>
>> May 6 12:48:54 sbh16 dovecot: POP3(xxx): file_lock_dotlock() failed
>> with mbox file /var/spool/mail/xxx: Permission denied
>
>It should have worked. What OS do you use?

CentOS 5

--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan