On Sun, 2011-10-09 at 11:31 -0700, Steve Fatula wrote:
> dovecot: lda: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) 
> failed: Permission denied
> 
> 
> Using mailbox_command in Postfix means that dovecot-lda is running as the 
> system user getting the mail. Which means it can't access the socket file. Of 
> course, one can simply use mode 666 on it, but, then people can use it to 
> find out information according to the doc, which I do not want.
> 
> So, I am not sure why the doc says to add -d for per user quotas, without 
> also mentioning the problem with doing that. I don't see how it can work?
> 
> Assuming I need per user quotas, and I don't want to use LMTP, is there a 
> good way around this without the security issue?

The possibilities are:

a) Start dovecot-lda so that the process belongs to an extra group (e.g.
dovecot) and make the socket rw for that group. I don't know if Postfix
can do this for system users.

b) Use filesystem setgid bit for dovecot-lda

c) Run via sudo

b) and c) are explained in the wiki in the "multiple UIDs" section
(although for setuid-root rather than setgid-dovecot).
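As an added example (not part of the thread), the following shell function audits option b): it checks that the dovecot-lda binary carries the setgid bit and shares a group with the auth-userdb socket, that the socket is rw for that group, and it flags the mode-666 socket the original poster wants to avoid. The default paths at the bottom are assumptions; the function takes any paths as arguments and uses GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the setgid-dovecot
# dovecot-lda + group-rw auth-userdb socket setup (option b) and flag a
# world-writable socket. Paths are assumptions; pass your own as arguments.

# Usage: check_lda_socket_access LDA_BINARY AUTH_USERDB_SOCKET
# Returns 0 when the setup is consistent, 1 when something is off,
# 2 when a path is missing.
check_lda_socket_access() {
    lda="$1"
    sock="$2"
    [ -e "$lda" ] || { echo "missing: $lda"; return 2; }
    [ -e "$sock" ] || { echo "missing: $sock"; return 2; }

    lda_group=$(stat -c %G "$lda")
    sock_group=$(stat -c %G "$sock")
    sock_mode=$(stat -c %a "$sock")        # e.g. 660 or 2755 (GNU stat)

    # Split off the "other" and "group" octal digits of the socket mode.
    other_digit=${sock_mode#"${sock_mode%?}"}
    rest=${sock_mode%?}
    group_digit=${rest#"${rest%?}"}

    status=0
    case "$other_digit" in
        2|3|6|7) echo "BAD: $sock is world-writable (mode $sock_mode); any local user can query the userdb"
                 status=1 ;;
    esac
    case "$group_digit" in
        6|7) ;;
        *)   echo "BAD: $sock is not rw for its group (mode $sock_mode)"; status=1 ;;
    esac
    [ -g "$lda" ] || { echo "BAD: $lda lacks the setgid bit"; status=1; }
    [ "$lda_group" = "$sock_group" ] || {
        echo "BAD: $lda is group $lda_group but $sock is group $sock_group"; status=1; }
    if [ "$status" -eq 0 ]; then
        echo "OK: $lda (setgid $lda_group) can open $sock (mode $sock_mode, group $sock_group)"
    fi
    return "$status"
}

# Run against the live paths when invoked as "script --check"
# (the paths below are assumptions; adjust for your installation).
if [ "${1:-}" = "--check" ]; then
    check_lda_socket_access /usr/lib/dovecot/dovecot-lda /var/run/dovecot/auth-userdb
fi
```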
