marcel.cochem
2014-Oct-10 08:17 UTC
question: dovecot lda running as special user (vmail) or normal user (marcel)?
Dear Mailing List,

(version and dovecot -n at the bottom)
(Sorry for the bad English in this mail :) )

I'm new to Dovecot and wanted to build my own mail server using Dovecot+Postfix.
I currently have a problem with permissions on my mail folder.
I could solve it easily if I set it with chmod to 777, but that's no real solution.

While reading my log files I see a lot of messages like:

Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed: Initializing mail storage from mail_location setting failed: stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied (euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, dir owned by 5000:5000 mode=0700)
Oct 10 05:19:52 lda(owncloud): Fatal: Invalid user settings. Refer to server log for more information.

So currently two users need to access the mail folder:
1. The user itself (here: owncloud)
2. The vmail user

I want to use Dovecot with virtual users. Now the question is: shouldn't the directory be accessed only by the vmail user, and not by the owncloud user?

Second question:
If it's correct that the access is made by 2 users: what rights do they need?
I can't add all users to the group vmail and set g+rwx permissions (every user could read mails from other users, and even edit them!)

Thanks a lot.
Kind Regards,

Marcel

------------------------------------------------------------------------------------

dovecot --version
2.2.13

dovecot -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-37-generic x86_64 Ubuntu 14.04.1 LTS ext4
auth_mechanisms = plain login
auth_verbose = yes
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_home = /home/vmail/example.com/%n
mail_location = maildir:/home/vmail/example.com/%n/mail:LAYOUT=fs
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%u scheme=ssha512 /etc/dovecot/passwd.db
  driver = passwd-file
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_after = /home/vmail/sieve-after
  sieve_before = /home/vmail/sieve-before
  sieve_dir = ~/sieve
}
protocols = imap sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl_cert = </etc/ssl/certs/ssl_main.crt
ssl_cipher_list = ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
ssl_client_ca_dir = /etc/ssl/certs
ssl_key = </etc/ssl/private/ssh_main_insecure
userdb {
  args = uid=5000 gid=5000 home=/home/vmail/example.com/%n
  driver = static
}
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
  mail_max_userip_connections = 10
}
protocol lda {
  deliver_log_format = msgid=%m: %$
  mail_plugins = sieve
  postmaster_address = postmaster at example.com
  quota_full_tempfail = yes
  rejection_reason = Your message to <%t> was automatically rejected:%n%r
}
Steffen Kaiser
2014-Oct-10 09:27 UTC
question: dovecot lda running as special user (vmail) or normal user (marcel)?
On Fri, 10 Oct 2014, marcel.cochem wrote:

> I'm new to Dovecot and wanted to build my own mail server using
> Dovecot+Postfix.
> I currently have a problem with permissions on my mail folder.
> I could solve it easily if I set it with chmod to 777, but that's no real
> solution.
>
> While reading my log files I see a lot of messages like:
> Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed:
> Initializing mail storage from mail_location setting failed:
> stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied
> (euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, dir
> owned by 5000:5000 mode=0700)
> Oct 10 05:19:52 lda(owncloud): Fatal: Invalid user settings. Refer to
> server log for more information.
>
> So currently two users need to access the mail folder:
> 1. The user itself (here: owncloud)
> 2. The vmail user
>
> I want to use Dovecot with virtual users. Now the question is: shouldn't
> the directory be accessed only by the vmail user, and not by the owncloud
> user?

Postfix starts the LDA as the owncloud user; it looks like you set Postfix up to use system users. Either make it use the vmail user or use LMTP.

>> userdb {
>>   args = uid=5000 gid=5000 home=/home/vmail/example.com/%n
>>   driver = static
>> }

Via IMAP/POP3 and LMTP all users will use these settings.

-- 
Steffen Kaiser
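Steffen's diagnosis, and the two questions Marcel asked before it, both come straight out of the fields Dovecot packs into that one error line: the euid the LDA actually ran under versus the uid:gid that owns the store, and the mode bits of the directory it could not traverse. The following is an added example, not code from this thread and not part of Dovecot or Postfix: it parses the posted log line, decides whether the remedy is the delivery agent's identity or the directory's bits, and flags the chmod 777 / g+rwx "fix" as a leak across mailboxes. The regex, the function names and the store_uid/store_gid parameters are my own; the sample line is a constructed copy of the one in the thread.

```python
import re

# Constructed sample input: a copy of the LDA error line posted in the thread.
SAMPLE_LINE = (
    "Oct 10 05:19:52 lda(owncloud): Error: user owncloud: Initialization failed: "
    "Initializing mail storage from mail_location setting failed: "
    "stat(/home/vmail/example.com/owncloud/mail) failed: Permission denied "
    "(euid=100(owncloud) egid=1004(owncloud) missing +x perm: /home/vmail, "
    "dir owned by 5000:5000 mode=0700)"
)

# Hypothetical pattern written for this example; it matches the shape of the
# posted line (path, effective uid/gid, missing bit, checked dir, owner, mode).
_ERR_RE = re.compile(
    r"stat\((?P<path>[^)]+)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\((?P<euser>[^)]*)\) egid=(?P<egid>\d+)\((?P<egroup>[^)]*)\) "
    r"missing \+(?P<perm>[rwx]) perm: (?P<dir>[^,]+), "
    r"(?:\w+ )?owned by (?P<ouid>\d+):(?P<ogid>\d+) mode=(?P<mode>[0-7]+)\)"
)

_PERM_BIT = {"r": 4, "w": 2, "x": 1}


def parse_lda_error(line):
    """Extract who tried (euid/egid), what it touched, who owns it and with what mode.
    Returns None for lines that are not this kind of EACCES report."""
    m = _ERR_RE.search(line)
    if m is None:
        return None
    return {
        "path": m["path"],
        "dir": m["dir"],
        "perm": m["perm"],
        "euid": int(m["euid"]),
        "egid": int(m["egid"]),
        "euser": m["euser"],
        "egroup": m["egroup"],
        "owner_uid": int(m["ouid"]),
        "owner_gid": int(m["ogid"]),
        "mode": int(m["mode"], 8),
    }


def exposes_other_users(mode):
    """With one shared store uid, any group/other bit on a mailbox directory is
    access to somebody else's mail, so chmod 777 or g+rwx is never the fix."""
    return bool(mode & 0o077)


def diagnose(err, store_uid, store_gid):
    """Decide whether the fix is the caller's identity or the directory's bits.
    store_uid/store_gid are the static userdb values (5000:5000 in the thread)."""
    if err["euid"] != store_uid:
        return {
            "kind": "wrong-identity",
            "reason": (f"the LDA ran as uid {err['euid']} ({err['euser']}) but the "
                       f"store identity is uid {store_uid}; fix the caller, not the mode"),
        }
    if err["owner_uid"] != store_uid or err["owner_gid"] != store_gid:
        return {
            "kind": "foreign-owner",
            "reason": (f"{err['dir']} is owned by {err['owner_uid']}:{err['owner_gid']}; "
                       f"chown it to {store_uid}:{store_gid}"),
        }
    owner_bits = (err["mode"] >> 6) & 0o7
    if not owner_bits & _PERM_BIT[err["perm"]]:
        return {
            "kind": "owner-bits",
            "reason": (f"owner lacks +{err['perm']} on {err['dir']}; "
                       f"chmod u+{err['perm']} (0700 is sufficient)"),
        }
    return {"kind": "unknown",
            "reason": "identity, owner and owner bits all match; look at ACLs or a parent directory"}


if __name__ == "__main__":
    err = parse_lda_error(SAMPLE_LINE)
    print(diagnose(err, 5000, 5000))
    print("0777 would leak:", exposes_other_users(0o777))
```

On the posted line this reports wrong-identity: the store is already in the right state (owner 5000:5000, mode 0700 is exactly what a single vmail identity needs), and the fix belongs on the delivery side. That is what Steffen's reply points at: Postfix's pipe(8) transport in master.cf takes a user=vmail:vmail attribute so the LDA runs as the store owner, or delivery goes over LMTP (virtual_transport = lmtp:unix:private/dovecot-lmtp in Postfix with a matching service lmtp unix_listener in Dovecot) so that it runs under the static userdb uid/gid just like IMAP does. Either way the mode stays 0700; the moment exposes_other_users() is true for a mailbox directory, every mailbox under the shared uid is readable by whoever holds those group/other bits.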