Greetings all. Please forgive me if I'm posting something that has already been addressed, but my google-foo is not strong enough to find the solution.

I've got a dovecot server running version 2.0.19 on Gentoo Hardened. I have Postfix as my MTA, and it is calling the Dovecot LDA to deliver the mail. Everything is working great, mail is being delivered, and the users are happy.

However, I am noticing that I have random entries like this:

    Mar 1 20:19:23 hermes dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: Permission denied (euid=97(dovecot) egid=97(dovecot) missing +r perm: /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
    Mar 1 20:19:23 hermes dovecot: lda: Fatal: Internal error occurred. Refer to server log for more information.

Since these messages came from the server log, looking in the server log for more information is rather pointless.

I have 10-master.conf configured as follows:

    service auth {
      unix_listener auth-userdb {
        mode = 0600
        user = vmail
        group = vmail
      }

In 15-lda.conf I have:

    protocol lda {
      mail_plugins = $mail_plugins sieve quota
    }

In Postfix master.cf, I have the following:

    dovecot unix - n n - - pipe
      flags=DRhu user=vmail:users argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${user}@${nexthop}

Permissions on the socket are:

    srw------- 1 vmail vmail 0 Feb 24 23:43 auth-userdb

Judging from the log, my problem is that the LDA appears to be trying to access the socket as the dovecot user (rather than the vmail user), but my question is why? What logging can I use to tell me if postfix is calling with the wrong permissions or if the lda is somehow getting confused?

Any help or suggestions greatly appreciated.

Thanks,
Gizmo

Chris Richards wrote:
> I've got a dovecot server running version 2.0.19 on Gentoo Hardened. I
> have Postfix as my MTA, and it is calling the Dovecot LDA to deliver the
> mail. Everything is working great, mail is being delivered, and the users
> are happy.
>
> However, I am noticing that I have random entries like this:
>
> Mar 1 20:19:23 hermes dovecot: lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=97(dovecot) egid=97(dovecot) missing +r perm:
> /var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)
> Mar 1 20:19:23 hermes dovecot: lda: Fatal: Internal error occurred. Refer
> to server log for more information.
>
> In Postfix master.cf, I have the following:
> dovecot unix - n n - - pipe
> flags=DRhu user=vmail:users argv=/usr/libexec/dovecot/deliver -f
> ${sender} -d ${user}@${nexthop}
>
> Permissions on the socket are:
> srw------- 1 vmail vmail 0 Feb 24 23:43 auth-userdb
>
> Judging from the log, my problem is that the LDA appears to be trying to
> access the socket as the dovecot user (rather than the vmail user), but my
> question is why? What logging can I use to tell me if postfix is calling
> with the wrong permissions or if the lda is somehow getting confused?

Have a look at

http://wiki2.dovecot.org/LDA
http://wiki2.dovecot.org/LDA/Postfix

Maybe there you will find some helpful hints.

Is /usr/libexec/dovecot/deliver or /usr/libexec/dovecot/dovecot-lda somehow setuid or setgid and owner/group dovecot?

Where does the effective user euid=97(dovecot) and effective group egid=97(dovecot) come from, is it somewhere in your dovecot config?

Please show full output of

    # doveconf -n
    # stat /usr/libexec/dovecot/deliver
    # stat /usr/libexec/dovecot/dovecot-lda

Regards
Daniel
--
https://plus.google.com/103021802792276734820
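
An added example, not part of the thread and not Dovecot or Postfix code: Python that pulls the effective identity out of the LDA error quoted above and compares it with the auth-userdb listener settings and the master.cf user= value from the original post, plus the setuid/setgid check the reply asks about. Function names are hypothetical, and the permission check assumes plain owner/group/other mode bits (no ACLs, no supplementary groups beyond those passed in).

```python
import re
import stat

# Log line from the original post, re-joined onto one line.
SAMPLE = ("Mar 1 20:19:23 hermes dovecot: lda: Error: userdb lookup: "
          "connect(/var/run/dovecot/auth-userdb) failed: Permission denied "
          "(euid=97(dovecot) egid=97(dovecot) missing +r perm: "
          "/var/run/dovecot/auth-userdb, dir owned by 0:0 mode=0755)")

LDA_ERR = re.compile(
    r"connect\((?P<path>[^)]+)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\((?P<euser>[^)]*)\) "
    r"egid=(?P<egid>\d+)\((?P<egroup>[^)]*)\)")


def parse_lda_error(line):
    """Return socket path and effective identity from an LDA connect error, or None."""
    m = LDA_ERR.search(line)
    return m.groupdict() if m else None


def granted_bits(mode, owner, group, euser, egroups):
    """rwx bits (0-7) a classic owner/group/other check gives this identity."""
    if euser == owner:
        return (mode >> 6) & 7
    if group in egroups:
        return (mode >> 3) & 7
    return mode & 7


def diagnose(line, sock_owner, sock_group, sock_mode, pipe_user):
    """Compare the identity in the log line with the listener and the pipe user=."""
    err = parse_lda_error(line)
    if err is None:
        return []
    findings = []
    if err["euser"] != pipe_user:
        findings.append("identity-mismatch")  # LDA did not run as the pipe user
    bits = granted_bits(sock_mode, sock_owner, sock_group,
                        err["euser"], {err["egroup"]})
    if (bits & 6) != 6:  # Linux connect() needs write; the log reports read
        findings.append("socket-denied")
    return findings


def is_setid(st_mode):
    """True if a binary's st_mode carries setuid or setgid."""
    return bool(st_mode & (stat.S_ISUID | stat.S_ISGID))
```

Feed `is_setid` the `st_mode` from `os.stat()` on the deliver and dovecot-lda binaries; an "identity-mismatch" finding together with a set-id bit points at the binary rather than at Postfix.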