dovecot - Jun 2010 - Dovecot 2.0 auth socket error

Hi Timo,

ok, when dovecot starts up, it creates the socket files in
/usr/local/var/run/dovecot for the auth and a variety of other socket
stuff you have going on. It creates these socket files with root ownership.

But I have in the config files that dovecot is running as a particular
user (in this case uid100 and gid100) to match the global mail systems
needs.

I use qmail as the delivery agent, and when qmail envokes deliver, I get
the following errors in the qmail log files :

@400000004c1b18f22ea7a05c delivery 1497: deferral:
lda:_Error:_userdb_lookup:_connect(/usr/local/var/run/dovecot/auth-userdb)_failed:_Permission_denied_(euid=100(sn)_egid=100(sn)_missing_+w_perm:_/usr/local/var/run/dovecot/auth-userdb,_euid_is_not_dir_owner)/lda:_Fatal:_Internal_error_occurred._Refer_to_server_log_for_more_information./

Now, from what I can tell, this is complaining that the socket doesn't
have write permission for the group, because it is owned by root and
created with only 600 permissions...I can chmod the file to add the rw
for the group, and then it appears to start working ok, but if I stop
and start dovecot, it will only re-create those files with the 600
permissions...

It appears that this is not happening in the version 1.2.11 code base as
I this machine is a new one that I am testing 2.0 code on...

Am I missing a proper setting somewhere?

here is my dovecot -l :

# 2.0.beta6: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.0-RELEASE-p3 i386
auth_username_format = %Lu
auth_username_translation = %@
auth_verbose = yes
disable_plaintext_auth = no
dotlock_use_excl = yes
first_valid_uid = 100
listen = *
lock_method = dotlock
log_path = /local/logs/dovecot.errors
mail_gid = 100
mail_location = maildir:%h/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_uid = 100
mmap_disable = yes
passdb {
  args = /bin/checkpassword_dovecot_auth
  driver = checkpassword
}
plugin {
  quota = maildir
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/Maildir/sieve
}
protocols = imap pop3 managesieve
quota_full_tempfail = yes
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /bin/checkpassword_dovecot_deliver
  driver = checkpassword
}
verbose_proctitle = yes
protocol pop3 {
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  mail_plugins = quota sieve
}
protocol imap {
  mail_plugins = quota imap_quota
}


Thanks,

Tim.

On Fri, 2010-06-18 at 01:11 -0700, Tim Traver wrote:
> Now, from what I can tell, this is complaining that the socket doesn't
> have write permission for the group, because it is owned by root and
> created with only 600 permissions...I can chmod the file to add the rw
> for the group, and then it appears to start working ok, but if I stop
> and start dovecot, it will only re-create those files with the 600
> permissions...
example-config/conf.d/10-master.conf:

service auth {
  # auth_socket_path points to this userdb socket by default. It's typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone's userdb lookups.
  unix_listener auth-userdb {
    #mode = 0600
    #user = 
    #group = 
  }
..