mephistopheles at operamail.com
2011-Oct-12 02:43 UTC
[Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
I have Dovecot2 auth set up to run as

    user = doveauth
    group = dovecot

configured in,

    vi conf.d/10-master.conf
    ...
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        user = postfix
        group = postfix
        mode = 0660
      }
      user = doveauth
      group = dovecot
    }
    service auth-worker {
      user = doveauth
      group = dovecot
    }
    ...

When I start Dovecot,

    ls -al /var/run/dovecot/auth-*
    /bin/ls: No match.

    service dovecot-custom start
    Starting Dovecot ... done

Dovecot's auth-process sockets are created with different ownership than what I specified,

    ls -al /var/run/dovecot/auth-*
    srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-client
    srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login
    srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-master
    srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb
    srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker

Which causes problems when I test AUTH,

    telnet 127.0.0.1 143
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
    a login "xxx at domain.loc" "testpass"
    a NO [UNAVAILABLE] Temporary authentication failure.
    * OK Waiting for authentication process to respond..

In logs,

    ==> /var/log/dovecot/dovecot-debug.log <=
    Oct 11 19:32:11 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libauthdb_ldap.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_pgsql.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_sqlite.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so
    Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397)
    Oct 11 19:32:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1lport=143 rport=47016 resp=<hidden>

    ==> /var/log/dovecot/dovecot.log <=
    Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in directory /var/run/dovecot failed: Permission denied (euid=1101(doveauth) egid=305(dovecot) missing +r perm: /var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755)

What needs to change to get those sockets created with correct/assigned ownership & perms?
Paul B. Henson
2011-Oct-12 02:53 UTC
[Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
On Tue, Oct 11, 2011 at 07:43:42PM -0700, mephistopheles at operamail.com wrote:
> service auth-worker {
>   user = doveauth
>   group = dovecot
> }

You need an extra piece here:

    service auth-worker {
      user = $default_internal_user
      unix_listener auth-worker {
        user = postfix
      }
    }

It was *not* easy to figure that out; none of the postfix/dovecot how-to's have been updated for dovecot 2.

-- 
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | henson at csupomona.edu
California State Polytechnic University | Pomona CA 91768
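
Added example (not part of either post, and not Dovecot's own code): a Python check that reads the ls -al listing from the first message and reports which sockets a given user can open, reproducing the "Permission denied" the auth process hit as doveauth. It assumes a caller needs both r and w on the socket file and ignores directory permissions and ACLs; the function names and the CONSTRUCTED line are illustrative.

```python
import re

# Listing copied from the first message (ls -al /var/run/dovecot/auth-*).
LISTING = """\
srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-client
srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login
srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-master
srw------- 1 root root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb
srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker
"""

# Constructed line (not from the thread): the socket owned by the connecting user.
CONSTRUCTED = "srw------- 1 doveauth root 0 Oct 11 19:40 /var/run/dovecot/auth-worker\n"

LS_RE = re.compile(
    r"^(?P<type>.)(?P<perms>[rwxsStT-]{9})\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s.*\s(?P<path>/\S+)$"
)

def parse_ls(listing):
    """Turn `ls -l` lines into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in map(LS_RE.match, listing.splitlines()) if m]

def can_connect(entry, user, groups):
    """True if `user`, a member of `groups`, holds r and w on the socket."""
    if user == "root":
        return True
    perms = entry["perms"]
    # Only one permission class applies: owner, else group, else other.
    if entry["owner"] == user:
        triad = perms[0:3]
    elif entry["group"] in groups:
        triad = perms[3:6]
    else:
        triad = perms[6:9]
    return triad[0] == "r" and triad[1] == "w"

def audit(listing, user, groups):
    """Map each socket path to whether `user` could connect to it."""
    return {e["path"]: can_connect(e, user, groups) for e in parse_ls(listing)}

if __name__ == "__main__":
    # euid/egid taken from the Fatal log line: doveauth / dovecot.
    for path, ok in audit(LISTING, "doveauth", {"dovecot"}).items():
        print(("ok  " if ok else "DENY"), path)
```

Run against the posted listing, every socket is denied to doveauth, including auth-worker, which is the one named in the Fatal log line.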