Axel Luttgens
2013-Apr-16 17:47 UTC
[Dovecot] Running LMTP as a user other than the root user
Hello,

With this one in Postfix' main.cf:

    virtual_transport = lmtp:unix:/_ROOT/var/run/dovecot/lmtp

and Dovecot settings reproduced at the end of this message, there is no problem for having mail delivered into a user's INBOX.

But as soon as I try the security improvement suggested in the docs:

    service lmtp {
      user = dovemailer
    }

this is what I get in the logs:

    postfix/smtpd[52588]: connect from localhost[127.0.0.1]
    postfix/smtpd[52588]: E86B5BD2BA0: client=localhost[127.0.0.1]
    postfix/cleanup[52594]: E86B5BD2BA0: message-id=<20130416171203.E86B5BD2BA0 at ALMba.local>
    postfix/qmgr[88232]: E86B5BD2BA0: from=<test at example.com>, size=315, nrcpt=1 (queue active)
    dovecot[52568]: lmtp(52596): Debug: none: root=, index=, control=, inbox=, alt
    dovecot[52568]: lmtp(52596): Connect from local
    dovecot[52568]: lmtp(52596): Debug: Loading modules from directory: /_ROOT/dovecot-2.1.16-0.3.4/lib/dovecot
    dovecot[52568]: lmtp(52596): Debug: Module loaded: /_ROOT/dovecot-2.1.16-0.3.4/lib/dovecot/lib10_quota_plugin.so
    dovecot[52568]: auth: Error: userdb(test at example.com): client doesn't have lookup permissions for this user: userdb reply doesn't contain uid (to bypass this check, set: service auth { unix_listener /_ROOT/var/run/dovecot/auth-userdb { mode=0777 } })
    dovecot[52568]: lmtp(52596): Error: user test at example.com: Auth USER lookup failed
    dovecot[52568]: lmtp(52596): Debug: auth input:
    postfix/lmtp[52595]: E86B5BD2BA0: to=<test at example.com>, relay=ALMba.local[/_ROOT/var/run/dovecot/lmtp], delay=19, delays=19/0.02/0.17/0.06, dsn=4.3.0, status=deferred (host ALMba.local[/_ROOT/var/run/dovecot/lmtp] said: 451 4.3.0 <test at example.com> Internal error occurred. Refer to server log for more information. (in reply to RCPT TO command))
    dovecot[52568]: lmtp(52596): Disconnect from local: Client quit (in reset)
    postfix/smtpd[52588]: disconnect from localhost[127.0.0.1]

and the message of course remains in Postfix' queue.

I understand that the +x workaround suggested for the auth-userdb socket (so as to have 0777 permissions instead of 0666) relies on provisions made in Dovecot's code in order to relax some requirements. But I still need help for a correct interpretation...

The socket receives 0666 permissions by default; any process should thus be able to read from/write to that socket. So, why set such a default, since it is anyway going to yield un-intuitive results?

And, as far as the log messages are concerned:

"client doesn't have lookup permissions..."
Who's the client here?

Still from the log: "client doesn't have lookup permissions for this user:"
Which user?

"userdb reply doesn't contain uid"
The userdb query seems to have failed; but does it mean that it should explicitly return a uid?

TIA,
Axel

    $ doveconf -n
    # 2.1.16: /_ROOT/etc/dovecot/dovecot.conf
    # OS: Darwin 12.3.0 x86_64
    auth_verbose = yes
    disable_plaintext_auth = no
    mail_debug = yes
    mail_gid = dovemailer
    mail_location = mbox:~/mboxes:INBOX=~/mboxes/inbox
    mail_uid = dovemailer
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
    mbox_write_locks = fcntl
    passdb {
      args = /_ROOT/etc/dovecot/db.conf
      driver = sql
    }
    plugin {
      quota = dirsize:User quota
      quota_rule = *:storage=1M
    }
    ssl = no
    userdb {
      driver = prefetch
    }
    userdb {
      args = /_ROOT/etc/dovecot/db.conf
      driver = sql
    }
    protocol lmtp {
      mail_plugins = quota
    }
    protocol pop3 {
      mail_plugins = quota
      pop3_uidl_format = %08Xv%08Xu
    }
    protocol imap {
      mail_plugins = quota
    }

With above settings, the permissions on socket auth-userdb are:

    srw-rw-rw- 1 dovecot wheel 0 16 avr 16:05 auth-userdb

and the full config for service lmtp is:

    $ doveconf service/lmtp
    service lmtp {
      chroot =
      client_limit = 1
      drop_priv_before_exec = no
      executable = lmtp
      extra_groups =
      group =
      idle_kill = 0
      privileged_group =
      process_limit = 0
      process_min_avail = 0
      protocol = lmtp
      service_count = 0
      type =
      unix_listener lmtp {
        group =
        mode = 0666
        user =
      }
      user =
      vsz_limit = 18446744073709551615 B
    }
Axel Luttgens
2013-Apr-23 13:43 UTC
[Dovecot] Running LMTP as a user other than the root user
On 16 Apr 2013 at 19:47, Axel Luttgens wrote:
> [...]

Mea culpa. I missed a few enlightening lines in 10-master.conf, at the beginning of the "service auth" section. They are terribly useful for understanding the coding choices and to conclude that everything "works as intended".

Axel
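The rule those 10-master.conf comments describe, as an added example that is not part of the thread: in Dovecot 2.x the default mode 0666 on auth-userdb is special-cased, and a lookup over it succeeds only when the userdb reply carries a uid equal to the caller's, or when the caller's uid or gid matches the socket's owner or group; any other mode is left to the kernel's ordinary permission check. The fragment below puts the 0777 bypass quoted in the error message beside a narrower alternative; the user name dovemailer is taken from the original post, the socket mode and ownership in (b) are this example's own choice.

```conf
# Added example, not from the thread. Run LMTP unprivileged, as in the
# original post.
service lmtp {
  user = dovemailer
}

# (a) The bypass quoted in the log. Any mode other than 0666 makes Dovecot
#     leave access control to the kernel, and 0777 means every local
#     process may connect and look up (or enumerate) every user.
#service auth {
#  unix_listener auth-userdb {
#    mode = 0777
#  }
#}

# (b) Narrower alternative. Still a mode other than 0666, so the uid-match
#     rule is not applied, but the kernel now only admits processes running
#     as dovemailer (and root). Other unprivileged clients of auth-userdb,
#     for example dovecot-lda invoked as a login user, would lose access
#     and need their own arrangement.
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = dovemailer
  }
}
```

The other route is to keep the default 0666 and have the sql userdb return a uid field equal to dovemailer's uid, which is what the "userdb reply doesn't contain uid" message is checking for; the global mail_uid setting does not satisfy that check.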