On 1 August 2013 at 15:43, Felix Rubio Dalmau wrote:
> [...]
>
> Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and
> modify the file conf.d/10-mail.conf to show
>
> mail_uid = vmail
> mail_gid = vmail
>
> I get this error:
>
> dovecot: auth: Error: userdb(<mail>): client doesn't have lookup
> permissions for this user: userdb reply doesn't contain uid (change userdb
> socket permissions)
>
> Does anybody know what is wrong in my set-up?

Hello Felix,

Yes and no...

This still remains a bit unclear to me, but you could try something like this:

service auth {
  unix_listener auth-userdb {
    # default: user = $default_internal_user
    group = vmail # default: group =
    mode = 0660 # default: mode = 0666
  }
}

The code has some provisions to avoid the auth-userdb being too widely open, in
spite of that default mode 0666. Changing that mode short-circuits those
provisions, and the above is the most secure setting I could think of in the
case of a single uid/gid setup.

HTH,
Axel