Re: [Dovecot] chdir failed, but requires group permissions
Ok, thanks - but I think that's beyond me right now. Perhaps I could just suggest it as a "feature" for future releases. Thanks for all your help! Brent. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Sat 4/7/2007 12:51 PM To: Brent Nesbitt Cc: dovecot@dovecot.org Subject: Re: [Dovecot] chdir failed, but requires group permissions On 7.4.2007, at 22.36, Brent Nesbitt wrote: > Yes, I am using passwd - as I also have webmail using these same > logins - so changing the "actual" home directory won't work either. > At this point I am using popa3d instead of dovecot - but Dovecot is > a much more capable program, so I thought it SHOULD have worked. Dovecot doesn't work that great with multiple groups currently. You could always modify the sources to just disable the chdir(). It's not that important. Perhaps I should just move it later after the privileges are really dropped. I'm not actually sure why it's done earlier. The code related to it is pretty huge already.
Re: [Dovecot] chdir failed, but requires group permissions
On 7.4.2007, at 22.36, Brent Nesbitt wrote: Yes, I am using passwd - as I also have webmail using these same logins - so changing the "actual" home directory won't work either. At this point I am using popa3d instead of dovecot - but Dovecot is a much more capable program, so I thought it SHOULD have worked. Dovecot doesn't work that great with multiple groups currently. You could always modify the sources to just disable the chdir(). It's not that important. Perhaps I should just move it later after the privileges are really dropped. I'm not actually sure why it's done earlier. The code related to it is pretty huge already. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] chdir failed, but requires group permissions
Yes, I am using passwd - as I also have webmail using these same logins - so changing the "actual" home directory won't work either. At this point I am using popa3d instead of dovecot - but Dovecot is a much more capable program, so I thought it SHOULD have worked. Brent. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Sat 4/7/2007 12:33 PM To: Brent Nesbitt Cc: dovecot@dovecot.org Subject: Re: [Dovecot] chdir failed, but requires group permissions On 7.4.2007, at 21.56, Brent Nesbitt wrote: > Which unfortunately, doesn't work. Even with these settings, or > putting mbox, INBOX, INDEX all in /var/mail - dovecot still fails > after successful authentication with an error that it can't chdir > to the mail user's home directory; which, of course, it can't - but > again, it shouldn't need to. Yes, but I meant that you could change the userdb not to return a home directory at all for users. Or are you using passwd as userdb? Then it gets trickier..
Re: [Dovecot] chdir failed, but requires group permissions
On 7.4.2007, at 21.56, Brent Nesbitt wrote: Which unfortunately, doesn't work. Even with these settings, or putting mbox, INBOX, INDEX all in /var/mail - dovecot still fails after successful authentication with an error that it can't chdir to the mail user's home directory; which, of course, it can't - but again, it shouldn't need to. Yes, but I meant that you could change the userdb not to return a home directory at all for users. Or are you using passwd as userdb? Then it gets trickier.. PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] chdir failed, but requires group permissions
Thanks - I hadn't seen that before. If I'm understanding what you're getting at, you're referring to: Modify mail_location setting so that the mail root directory is also the empty directory and append :INDEX=MEMORY to it. For example: mail_location = mbox:/var/empty:INBOX=/var/mail/%u:INDEX=MEMORY Which unfortunately, doesn't work. Even with these settings, or putting mbox, INBOX, INDEX all in /var/mail - dovecot still fails after successful authentication with an error that it can't chdir to the mail user's home directory; which, of course, it can't - but again, it shouldn't need to. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Sat 4/7/2007 10:43 AM To: Brent Nesbitt Cc: dovecot@dovecot.org Subject: Re: [Dovecot] chdir failed, but requires group permissions On 7.4.2007, at 20.35, Brent Nesbitt wrote: > However, it seems odd to me that Dovecot would REQUIRE access to > the $HOME directory, when I am only using it to pop mail from /var/ > mail (which it has full access to) - and I am not using imap access > at all. Well, you don't HAVE to give Dovecot any home directory at all. See the bottom of http://wiki.dovecot.org/MailLocation/Mbox
Re: [Dovecot] chdir failed, but requires group permissions
On 7.4.2007, at 20.35, Brent Nesbitt wrote: However, it seems odd to me that Dovecot would REQUIRE access to the $HOME directory, when I am only using it to pop mail from /var/ mail (which it has full access to) - and I am not using imap access at all. Well, you don't HAVE to give Dovecot any home directory at all. See the bottom of http://wiki.dovecot.org/MailLocation/Mbox PGP.sig Description: This is a digitally signed message part
Re: [Dovecot] chdir failed, but requires group permissions
Thanks for the suggestion, That's a good idea, but unfortunately where the home directories lie, the users actually need to be members of 2 groups - so they both can't be primary. However, it seems odd to me that Dovecot would REQUIRE access to the $HOME directory, when I am only using it to pop mail from /var/mail (which it has full access to) - and I am not using imap access at all. Brent. -Original Message- From: Timo Sirainen [mailto:[EMAIL PROTECTED] Sent: Fri 4/6/2007 1:01 AM To: Brent Nesbitt Cc: dovecot@dovecot.org Subject: Re: [Dovecot] chdir failed, but requires group permissions On 4.4.2007, at 1.48, Brent Nesbitt wrote: > My home directories are set up with 770 permissions as follows: > > /home// > > Using this method, users MUST be a member of the appropriate group to > access their own home directory. If they are not, they can't chdir > past > /home. Could the group be the user's primary group? Then it works. Otherwise there's not much else you can do except modify the sources.
Re: [Dovecot] chdir failed, but requires group permissions
On 4.4.2007, at 1.48, Brent Nesbitt wrote: My home directories are set up with 770 permissions as follows: /home// Using this method, users MUST be a member of the appropriate group to access their own home directory. If they are not, they can't chdir past /home. Could the group be the user's primary group? Then it works. Otherwise there's not much else you can do except modify the sources. PGP.sig Description: This is a digitally signed message part
[Dovecot] chdir failed, but requires group permissions
Using Debian Etch package dovecot-common and dovecot-pop3d, based on 1.0.rc15-2 My home directories are set up with 770 permissions as follows: /home// Using this method, users MUST be a member of the appropriate group to access their own home directory. If they are not, they can't chdir past /home. This appears to kill dovecot with a "chdir failed with id : Permission Denied" error, immediately after authenticating a pop3 user. I was able to make a user the owner of the directory, and dovecot succeeded But when the directory is owned by : and the user is a member of the group - the process dies. Any suggestions?