On 23.8.2011, at 19.37, a.sm...@ukgrid.net wrote:

>> No, that's the least of its troubles. If you can't run dovecot-lda as root,
>> it won't be able to change its UID to the user's UID (and so won't have
>> enough permissions to be able to write mails to user's mailbox). So you need
>> to run dovecot-lda as root in some way, and after that it becomes pretty
>> much irrelevant what auth-userdb's permissions are.
>>
>
> Hmmm, well in my setup dovecot-lda is called from Exim with "user=" set to a
> MySQL query.

Are you sure you even need Dovecot to do a userdb lookup then? If Exim can set up also the other needed things (home dir?) it shouldn't be necessary.

> I'd guess that that means Exim runs dovecot-lda as the user directly so I
> don't have the issue you mention above. But where the permission on the
> auth-userdb socket are root:vmail 0660, the dovecot-lda is called as vmail
> and the vmail user is a member of the vmail group I get the error:
>
> Aug 11 03:38:06 lda: Error: userdb lookup:
> connect(/var/run/dovecot/auth-userdb) failed: Permission denied
> (euid=25110(vmail) egid=25110(vmail) missing +r perm:
> /var/run/dovecot/auth-userdb, euid is not dir owner)

Hmm. So if dovecot-lda is running as vmail group and /var/run/dovecot/auth-userdb has group=vmail and 0660 permissions, this error shouldn't happen. Check two things:

1) ls -ln /var/run/dovecot/auth-userdb actually shows group as 25110 and mode being 0660

2) If you've any SELinux or AppArmor stuff enabled, try disabling them
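
Check 1) from the message above as a script, added here as an example and not part of the original thread: it compares numeric owner, group and mode of the socket and of every parent directory against a given UID/GID. The function names and the script name check.sh are hypothetical; it assumes a stat that supports -c and does not model supplementary groups, ACLs or the SELinux/AppArmor layer from check 2).

```sh
#!/bin/sh
# Added example. Models owner/group/other mode bits only, as `ls -ln` shows
# them; supplementary groups, ACLs and SELinux/AppArmor are not modeled.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).

# perm_digit PATH UID GID: print the rwx digit (0-7) that applies to UID/GID.
perm_digit() {
    meta=$(stat -c '%u %g %a' "$1") || return 2
    set -- "$2" "$3" $meta            # now: uid gid owner group mode
    mode=$((0$5))                     # leading 0 makes it octal
    if [ "$1" -eq "$3" ]; then echo $(( (mode >> 6) & 7 ))
    elif [ "$2" -eq "$4" ]; then echo $(( (mode >> 3) & 7 ))
    else echo $(( mode & 7 )); fi
}

# check_socket_access SOCKET UID GID: 0 if connect() should pass the mode bits.
check_socket_access() {
    sock=$1 uid=$2 gid=$3
    [ "$uid" -eq 0 ] && { echo "OK: uid 0 bypasses mode bits"; return 0; }
    dir=$(dirname "$sock")
    while :; do                       # every parent directory needs +x
        d=$(perm_digit "$dir" "$uid" "$gid") ||
            { echo "FAIL: cannot stat $dir"; return 2; }
        [ $((d & 1)) -ne 0 ] ||
            { echo "FAIL: no +x on $dir for uid=$uid gid=$gid"; return 1; }
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    d=$(perm_digit "$sock" "$uid" "$gid") ||
        { echo "FAIL: cannot stat $sock"; return 2; }
    [ $((d & 6)) -eq 6 ] ||
        { echo "FAIL: no rw on $sock for uid=$uid gid=$gid (bits: $d)"; return 1; }
    echo "OK: uid=$uid gid=$gid has rw on $sock and +x on its parents"
}

# Usage (hypothetical script name): sh check.sh /var/run/dovecot/auth-userdb 25110 25110
if [ $# -eq 3 ]; then check_socket_access "$@"; fi
```

A FAIL on a parent directory points at /var/run/dovecot itself rather than the socket; an OK from this script together with a continuing "Permission denied" leaves check 2) as the remaining suspect.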