> On 04/01/2023 17:59 EET Gerben Wierda <gerben.wie...@rna.nl> wrote:
> I am busy migrating. I am moving from macOS+MacPorts to Ubuntu+Docker
> On the old system, I have this in the dovecot config:
> mail_uid = _dovecot
> mail_gid = mail
> mail_privileged_group = mail
> mail_access_groups = mail

These settings do not govern auth process access to this file.

> This seems weird to me, I think the dovecot user should be in group dovecot 
> only if I understand the docs. On the old system dovecot, postfix, dovenull 
> and rspamd are all members of the mail group.
> On that system, the cram md5 passwd database (file) has these permissions:
> drwxr-xr-x 3 root wheel 96 Feb 2 2021 .
> drwxr-xr-x 22 root admin 704 Jan 4 15:17 ..
> -rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd

This should be root:dovecot

> and that has worked like that for many years, basically starting with Mac OS 
> X Server, surviving all kinds of macOS migrations.
> On my new Ubuntu system I've copied this setup over:
> drwxr-xr-x 2 root root 4096 Jan 4 09:49.
> drwxr-xr-x 7 root root 4096 Jan 4 15:21..
> -rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd
> mail_uid = dovecot
> mail_gid = mail
> mail_privileged_group = mail
> mail_access_groups = mail
> But:
> Jan 04 15:40:08 auth: Error: passwd-file 
> /etc/dovecot/etc/cram-md5.pwd:open(/etc/dovecot/etc/cram-md5.pwd) failed: 
> Permission denied (euid=91(dovecot) egid=91(dovecot) missing +r perm: 
> /etc/dovecot/etc/cram-md5.pwd, we're not in group 8(mail), dir owned by 0:0 
> mode=0755)
> And really, dovecot is in group mail. From /etc/group:
> mail:x:8:postfix,dovecot
> dovenull:x:90:
> dovecot:x:91:
> And from /etc/passwd:
> dovenull:x:90:90::/home/dovenull:/usr/sbin/nologin
> dovecot:x:91:91::/home/dovecot:/usr/sbin/nologin
> So, that I get this error baffles me.
> Gerben Wierda (LinkedIn (https://www.linkedin.com/in/gerbenwierda))
> R&A IT Strategy (https://ea.rna.nl/) (main site)
> Book: Chess and the Art of Enterprise Architecture 
> (https://ea.rna.nl/the-book/)
> Book: Mastering ArchiMate (https://ea.rna.nl/the-book-edition-iii/)

Dovecot processes drop extra groups unless explicitly asked to retain those.


Reply via email to