> On 25 Aug 2015, at 20:55, Thomas Leuxner <t...@leuxner.net> wrote:
> 
> * Timo Sirainen <t...@iki.fi> 2015.08.25 17:28:
> 
>>>> ==> /var/log/dovecot/dovecot.log <==
>>>> Aug 25 09:42:07 nihlus dovecot: imap(t...@leuxner.net): Error: 
>>>> net_connect_unix(/var/run/dovecot/imap-hibernate) failed: Permission denied
>>>> Aug 25 09:42:07 nihlus dovecot: imap(t...@leuxner.net): Error: Couldn't 
>>>> hibernate imap client: Couldn't export state: Virtual mailboxes have no 
>>>> GUIDs
> 
> Those are completely gone with the latest two commits. I was expecting the 
> permission error to fire up. It seems a bit too quiet. If it works would it 
> spawn a hibernate-process? It looks so from the service section, but I don't 
> see any "hibernate" processes active.

It no longer logs an error if the selected mailbox is virtual. It simply 
doesn't start up the hibernate process. If you set mail_debug=yes it'll log why 
it won't start the hibernation. Also just committed a change that logs the 
mailbox name.

>>> 'chmod 666' mitigates the permission issue on the socket. However it seems 
>>> to have other issues then:
>> 
>> You can also change the unix_listener { user, group, mode } as needed for 
>> different services (imap, imap-hibernate). http://wiki2.dovecot.org/Services 
>> has some more info.
> 
> $ doveconf -a | grep -A 20 'service imap-hibernate'
> service imap-hibernate {
>  […]
>  unix_listener imap-hibernate {
>    group = 
>    mode = 0600
>    user = 
>  }
>  user = $default_internal_user
> 
> The question is what user it should be - or what user it should match in case 
> several users come into play. With the standard setting 
> $default_internal_user as above it does not work out of the box (at least 
> with my config). 

There's no good default setting here. It depends on your userdb settings and/or 
mail_uid setting. So for example if your imap processes are running as vmail 
user, you should set service imap-hibernate { unix_listener imap-hibernate { 
user = vmail } }. Then again if you are using system users (or otherwise 
multiple UIDs) it gets more difficult to implement this securely (mode=0666 
works always, but security isn't too good). This same problem exists for 
various other parts of Dovecot, for example indexer-worker and dict services.
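
An added example, not part of the original message and not Dovecot's own tooling: a small Python audit over `doveconf -a`-style output that flags `unix_listener` sockets left world-writable (the `mode=0666` workaround) or left without an explicit owner or group. The sample input, the function names and the finding labels are constructed for illustration, and the 0600 fallback is an assumption taken from the output quoted above.

```python
import re
# Constructed input in the shape of `doveconf -a` output; not from a real host.
SAMPLE = """\
service imap-hibernate {
  unix_listener imap-hibernate {
    mode = 0600
    user =
  }
  user = $default_internal_user
}
service indexer-worker {
  unix_listener indexer-worker {
    mode = 0666
  }
}
service dict {
  unix_listener dict {
    mode = 0600
    user = vmail
  }
}
"""

def classify(settings):
    """Map one unix_listener's settings to (octal mode, finding label)."""
    mode = int(settings.get("mode") or "0600", 8)  # assumed fallback: value quoted above
    if mode & 0o002:  # connect() needs write permission, so any local UID can connect
        return f"{mode:04o}", "world-writable"
    if not (settings.get("user") or settings.get("group")):
        return f"{mode:04o}", "no-explicit-owner"  # other UIDs get Permission denied
    return f"{mode:04o}", "restricted"

def audit_listeners(conf_text):
    """Return (service, listener, mode, finding) for every unix_listener block."""
    results, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"(\S+)(?:\s+(\S+))?\s*\{$", line)
        if opened:
            # Each open block carries its own settings dict, so a service-level
            # "user =" is never mistaken for the listener's owner.
            stack.append((opened.group(1), opened.group(2), {}))
        elif line == "}" and stack:
            kind, name, settings = stack.pop()
            if kind == "unix_listener":
                service = next((n for k, n, _ in stack if k == "service"), None)
                results.append((service, name, *classify(settings)))
        elif "=" in line and stack:
            key, _, value = line.partition("=")
            stack[-1][2][key.strip()] = value.strip()
    return results
```

Calling `audit_listeners()` on the real `doveconf -a` output of a host gives one row per listener, so the `world-writable` rows can be reviewed against the UIDs the mail processes actually run as.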
