[Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?

2011-10-11 Thread mephistopheles
I have Dovecot2 auth setup to run as

user  = doveauth
group = dovecot

configured in,

vi conf.d/10-master.conf
...
service auth {
  unix_listener /var/spool/postfix/private/auth {
    user  = postfix
    group = postfix
    mode  = 0660
  }
  user  = doveauth
  group = dovecot
}
service auth-worker {
  user  = doveauth
  group = dovecot
}
...
...

When I start Dovecot,

ls -al /var/run/dovecot/auth-*
/bin/ls: No match.

service dovecot-custom start
Starting Dovecot ...   done

Dovecot's auth-process sockets are created with different ownership than
what I specified,

ls -al /var/run/dovecot/auth-*
srw------- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-client
srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login
srw------- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-master
srw------- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb
srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker

Which causes problems when I test AUTH,

telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
a login x...@domain.loc testpass
a NO [UNAVAILABLE] Temporary authentication failure.
* OK Waiting for authentication process to respond..

In logs,

== /var/log/dovecot/dovecot-debug.log ==
Oct 11 19:32:11 auth: Debug: Loading modules from directory:
/usr/lib64/dovecot/modules/auth
Oct 11 19:32:11 auth: Debug: Module loaded:
/usr/lib64/dovecot/modules/auth/libauthdb_ldap.so
Oct 11 19:32:11 auth: Debug: Module loaded:
/usr/lib64/dovecot/modules/auth/libdriver_mysql.so
Oct 11 19:32:11 auth: Debug: Module loaded:
/usr/lib64/dovecot/modules/auth/libdriver_pgsql.so
Oct 11 19:32:11 auth: Debug: Module loaded:
/usr/lib64/dovecot/modules/auth/libdriver_sqlite.so
Oct 11 19:32:11 auth: Debug: Module loaded:
/usr/lib64/dovecot/modules/auth/libmech_gssapi.so
Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397)
Oct 11 19:32:17 auth: Debug: client in: AUTH 1 PLAIN service=imap secured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=47016 resp=<hidden>

== /var/log/dovecot/dovecot.log ==
Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in
directory /var/run/dovecot failed: Permission denied
(euid=1101(doveauth) egid=305(dovecot) missing +r perm:
/var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755)

What needs to change to get those sockets created with the correct/assigned
ownership & perms?



Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?

2011-10-11 Thread mephistopheles


On Tuesday, October 11, 2011 7:53 PM, Paul B. Henson hen...@acm.org
wrote:
> You need an extra piece here:
>
> service auth-worker {
>   user = $default_internal_user
>
>   unix_listener auth-worker {
>     user = postfix
>   }
> }

Maybe being too literal, or misunderstanding your 'extra', I changed to,

...
service auth-worker {
#  user  = doveauth
#  group = dovecot
  user = $default_internal_user

  unix_listener auth-worker {
    user = postfix
  }
}
...

At

telnet 127.0.0.1 143
etc

I get the same FAIL as above.

But, if first I

chown doveauth:dovecot /var/run/dovecot/auth-worker

then

telnet 127.0.0.1 143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
a login x...@domain.loc testpass
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in
...

succeeds.



Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?

2011-10-11 Thread mephistopheles


> It was *not* easy to figure that out; none of the postfix/dovecot
> how-to's have been updated for dovecot 2.

Fwiw, this looks useful

 Authentication process user
  http://wiki2.dovecot.org/UserIds

Trying to get those $default_... redefined.  No luck yet.


Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?

2011-10-11 Thread Paul B. Henson
On Tue, Oct 11, 2011 at 08:20:13PM -0700, mephistophe...@operamail.com wrote:

> Maybe being too literal, or misunderstanding your 'extra', I changed to,
>
Hmm, I just cut-and-pasted my config :), the missing piece was the
unix_listener subconfig user, the user/group part in the service config
didn't need to match mine exactly, although I think
$default_internal_user is dovecot anyway.

> chown doveauth:dovecot /var/run/dovecot/auth-worker

Hmm, perhaps I misunderstood you? I thought you were trying to get SASL
auth working with postfix? But you're demonstrating an imap connection.

Ah, yes, I see in your original email you showed an imap connection too.
I just saw the /var/spool/postfix/private/auth and user/group postfix
parts of the config and made an assumption.

My config was for using Dovecot *just* to provide SASL authentication
services to postfix for smtp auth, I'm not using any of its other
features/services.

Sorry for any confusion.

I'm curious though, why are you setting the auth stuff up to be owned by
postfix if you're trying to authenticate dovecot imap processes? It seems
you're mixing two different configs.

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768


Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?

2011-10-11 Thread mephistopheles

> Sorry for any confusion.

np.  issue solved.  for my config,

...
service auth-worker {
  user = doveauth
  unix_listener auth-worker {
    user = doveauth
  }
}
...

then

service dovecot-custom restart
ls -al /var/run/dovecot/auth-worker
srw------- 1 doveauth root 0 Oct 11 20:56 /var/run/dovecot/auth-worker

better. and,

telnet 127.0.0.1 4143
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
a login x...@domain.loc testpass
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in


> I'm curious though, why are you setting the auth stuff up to be owned by
> postfix if you're trying to authenticate dovecot imap processes? It seems
> you're mixing two different configs.

I'm converting to SQL from flatfiles
(http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix).

Just haven't gotten to making all the changes yet. Single-stepping
through testing, got to IMAP and found this issue.

Thanks for the help!
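Read as a whole, the failure in this thread is an ordinary Unix permission check: the auth-worker service runs as doveauth, but Dovecot created /var/run/dovecot/auth-worker owned by dovecot:root with mode 0600 (a unix_listener's owner, group and mode are set in its own block, default root and 0600, and are not inherited from the service's user), so doveauth matched neither owner nor group and fell through to the empty "other" bits. The following Python is an added example, not code from the thread or from Dovecot: it reproduces that check over the two socket listings the poster showed (reconstructed here, with "srw---" read as mode 0600, and the uid of the dovecot user assumed to be 305 from the "305:305" in the log) and shows the auth-worker socket going from denied to allowed once its owner is doveauth.

```python
"""Replay of the Unix permission check behind Dovecot's
"net_connect_unix(auth-worker) ... Permission denied" error, run over the
socket listings from this thread.  Added example, not Dovecot code."""

import stat

# uid/gid tables for the names in the listings.  1101 (doveauth) and
# 305 (dovecot group) are taken from the Fatal log line in the thread;
# uid 305 for the dovecot *user* is an assumption based on the directory
# being reported as owned by 305:305.
UIDS = {"root": 0, "dovecot": 305, "doveauth": 1101}
GIDS = {"root": 0, "dovecot": 305}

# Listings reconstructed from the thread.  "srw---" in the mail archive is
# read as the default unix_listener mode 0600 (srw-------); dates are the
# ones the poster showed.
BEFORE_LISTING = """\
srw------- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-client
srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login
srw------- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-master
srw------- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb
srw------- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker
"""
AFTER_LISTING = """\
srw------- 1 doveauth root 0 Oct 11 20:56 /var/run/dovecot/auth-worker
"""

PERM_BITS = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
             stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
             stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)


def parse_mode(perm):
    """'srw-------' -> (is_socket, 0o600).  's'/'t' in an x slot mean the
    execute bit is set (plus setuid/setgid/sticky); 'S'/'T' mean it is not."""
    if len(perm) != 10:
        raise ValueError("expected a 10-character ls -l mode string: %r" % perm)
    mode = 0
    for ch, bit in zip(perm[1:], PERM_BITS):
        if ch in "rwxst":
            mode |= bit
    return perm[0] == "s", mode


def unix_access(mode, owner_uid, owner_gid, euid, egid, groups=(), want=0o6):
    """The classic owner/group/other test as the kernel applies it to a
    socket inode (root bypasses it).  `want` is an rwx triple; the default
    0o6 asks for read+write, matching the "missing +r perm" complaint in
    the thread (connect(2) itself needs write permission on the socket)."""
    if euid == 0:
        return True
    if euid == owner_uid:
        granted = (mode >> 6) & 0o7
    elif egid == owner_gid or owner_gid in groups:
        granted = (mode >> 3) & 0o7
    else:
        granted = mode & 0o7
    return (granted & want) == want


def parse_listing(text):
    """Split `ls -l` lines into dicts.  ls -l prints nine whitespace-separated
    fields for a file name that contains no spaces."""
    entries = []
    for line in text.strip().splitlines():
        perm, _links, owner, group, _size, _mon, _day, _time, path = line.split()
        is_sock, mode = parse_mode(perm)
        entries.append({"path": path, "socket": is_sock, "mode": mode,
                        "owner": owner, "group": group})
    return entries


def audit(listing, user, group, groups=()):
    """Return {path: bool}: can `user` (primary group `group`, supplementary
    gids `groups`) open each socket in `listing` for read+write?"""
    euid, egid = UIDS[user], GIDS[group]
    return {e["path"]: unix_access(e["mode"], UIDS[e["owner"]],
                                   GIDS[e["group"]], euid, egid, groups)
            for e in parse_listing(listing)}


if __name__ == "__main__":
    for label, listing in (("before fix", BEFORE_LISTING), ("after fix", AFTER_LISTING)):
        print("== %s: as doveauth:dovecot ==" % label)
        for path, ok in audit(listing, "doveauth", "dovecot").items():
            print("%-8s %s" % ("ok" if ok else "DENIED", path))
```

Running it prints one DENIED/ok line per socket for the before and after listings; every socket in the first listing is denied to doveauth, and only the re-owned auth-worker socket in the second is allowed. The same audit() can be pointed at a real `ls -l /var/run/dovecot/auth-*` capture once UIDS/GIDS are filled in from the host's /etc/passwd and /etc/group.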