> On 04/01/2023 17:59 EET Gerben Wierda <gerben.wie...@rna.nl> wrote: > > > I am busy migrating. I am moving from macOS+MacPorts to Ubuntu+Docker > > On the old system, I have this in the dovecot config: > mail_uid = _dovecot > mail_gid = mail > mail_privileged_group = mail > mail_access_groups = mail >
These settings do not govern auth process access to this file. > This seems weird to me, I think the dovecot user should be in group dovecot > only if I understand the docs. On the old system dovecot, postfix, dovenull > and rspamd are all members of the mail group. > > On that system, the cram md5 passwd database (file) has these permissions: > > drwxr-xr-x 3 root wheel 96 Feb 2 2021 . > drwxr-xr-x 22 root admin 704 Jan 4 15:17 .. > -rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd This should be root:dovecot > > and that has worked like that for many years, basically starting with Mac OS > X Server, surviving all kinds of macOS migrations. > > On my new Ubuntu system I've copied this setup over: > drwxr-xr-x 2 root root 4096 Jan 4 09:49. > drwxr-xr-x 7 root root 4096 Jan 4 15:21.. > -rw-r----- 1 root mail 1234 Feb 2 2021 cram-md5.pwd > > mail_uid = dovecot > mail_gid = mail > mail_privileged_group = mail > mail_access_groups = mail > > But: > Jan 04 15:40:08 auth: Error: passwd-file > /etc/dovecot/etc/cram-md5.pwd:open(/etc/dovecot/etc/cram-md5.pwd) failed: > Permission denied (euid=91(dovecot) egid=91(dovecot) missing +r perm: > /etc/dovecot/etc/cram-md5.pwd, we're not in group 8(mail), dir owned by 0:0 > mode=0755) > > And really, dovecot is in group mail. From /etc/group: > mail:x:8:postfix,dovecot > dovenull:x:90: > dovecot:x:91: > And from /etc/passwd: > dovenull:x:90:90::/home/dovenull:/usr/sbin/nologin > dovecot:x:91:91::/home/dovecot:/usr/sbin/nologin > > So, that I get this error baffles me. > > Gerben Wierda (LinkedIn (https://www.linkedin.com/in/gerbenwierda)) > R&A IT Strategy (https://ea.rna.nl/) (main site) > Book: Chess and the Art of Enterprise Architecture > (https://ea.rna.nl/the-book/) > Book: Mastering ArchiMate (https://ea.rna.nl/the-book-edition-iii/) > Dovecot processes drop extra groups unless explicitly asked to retain those. Aki