Michael Tokarev
2022-Feb-21 21:24 UTC
postfix, dovecot-lda, /run/dovecot/stats-writer socket permission and local user delivery, again
Hi!

There are many questions on the 'net about the same theme:

  lda(mjt): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied

dovecot-lda is run from postfix as mailbox_command for local users.

There's even a suggestion on dovecot wiki to make dovecot-lda setgid
(to mail) - for a different reason but people use this trick to shut
this error message up. See eg the last message at
https://forum.zentyal.org/index.php?topic=35236.0 which points to
https://wiki2.dovecot.org/LDA/Postfix .

But the thing is: mail delivery stops right after making dovecot-lda
setgid, like this:

  Feb 22 00:06:46 tsrv dovecot: lda(mjt)<253650><s+nnHub+E2LS3gMA7tuOMA>: \
   Fatal: setresgid(914(dovecot),914(dovecot),8(mail)) failed with euid=1000(mjt): \
   Operation not permitted

why the hell lda tries to setuid to dovecot user?
It will definitely be unable to write to the maildir since it is owned by
user mjt, not by user dovecot!

And I *only* made it setgid, not setuid.

How to use dovecot-lda together with postfix, after all?

Thanks,

/mjt
Aki Tuomi
2022-Feb-22 07:49 UTC
postfix, dovecot-lda, /run/dovecot/stats-writer socket permission and local user delivery, again
> On 21/02/2022 23:24 Michael Tokarev <mjt at tls.msk.ru> wrote:
>
>
> Hi!
>
> There are many questions on the 'net about the same theme:
>   lda(mjt): Error: net_connect_unix(/run/dovecot/stats-writer) failed: Permission denied
>
> dovecot-lda is run from postfix as mailbox_command for local users.
>
> There's even a suggestion on dovecot wiki to make dovecot-lda setgid
> (to mail) - for a different reason but people use this trick to shut
> this error message up. See eg the last message at
> https://forum.zentyal.org/index.php?topic=35236.0 which points to
> https://wiki2.dovecot.org/LDA/Postfix .
>
> But the thing is: mail delivery stops right after making dovecot-lda
> setgid, like this:
>
> Feb 22 00:06:46 tsrv dovecot: lda(mjt)<253650><s+nnHub+E2LS3gMA7tuOMA>: \
>  Fatal: setresgid(914(dovecot),914(dovecot),8(mail)) failed with euid=1000(mjt): \
>  Operation not permitted
>
> why the hell lda tries to setuid to dovecot user?
> It will definitely be unable to write to the maildir since it is owned by
> user mjt, not by user dovecot!
>
> And I *only* made it setgid, not setuid.
>
> How to use dovecot-lda together with postfix, after all?
>
> Thanks,
>
> /mjt

The most simple fix which usually works is

service stats {
  unix_listener stats-writer {
    mode = 0666
  }
}

Aki
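
An added example, not part of either message in this thread: a small check that reproduces the permission decision behind the "Permission denied" error and flags the two workarounds discussed (a world-writable socket, a setgid dovecot-lda). The function names and the sample socket ownership (root:914, mode 0660) are assumptions constructed for illustration; uid 1000 and gid 914 are taken from the log line above.

```python
import os
import stat
import sys
from types import SimpleNamespace

def may_connect(st, uid, gids):
    """Linux checks write permission on the socket inode at connect() time.
    Search permission on the parent directories is also needed (not checked here)."""
    if uid == 0:
        return True
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def findings(sock_st, lda_st, uid, gids):
    """Return a list of findings for one delivering user."""
    out = []
    if not may_connect(sock_st, uid, gids):
        out.append("stats-writer: uid %d cannot connect (mode %04o)"
                   % (uid, stat.S_IMODE(sock_st.st_mode)))
    elif sock_st.st_mode & stat.S_IWOTH:
        out.append("stats-writer: world-writable, any local user can connect")
    if lda_st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        out.append("dovecot-lda: setuid/setgid bit set (mode %04o)"
                   % stat.S_IMODE(lda_st.st_mode))
    return out

# Constructed sample: socket root:914 mode 0660, LDA binary 0755, user uid 1000 / gid 1000.
SAMPLE_SOCK = SimpleNamespace(st_mode=stat.S_IFSOCK | 0o660, st_uid=0, st_gid=914)
SAMPLE_LDA = SimpleNamespace(st_mode=stat.S_IFREG | 0o755, st_uid=0, st_gid=0)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: check.py SOCKET_PATH LDA_PATH
        sock_st, lda_st = os.stat(sys.argv[1]), os.stat(sys.argv[2])
        uid, gids = os.getuid(), set(os.getgroups()) | {os.getgid()}
    else:  # no paths given: run on the constructed sample
        sock_st, lda_st, uid, gids = SAMPLE_SOCK, SAMPLE_LDA, 1000, {1000}
    for line in findings(sock_st, lda_st, uid, gids):
        print(line)
```

Run it as the delivering user with the socket and LDA binary paths as arguments to check a real system; with no arguments it evaluates the constructed sample.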