[Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
I have Dovecot2 auth setup to run as

    user = doveauth
    group = dovecot

configured in,

    vi conf.d/10-master.conf
    ...
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        user = postfix
        group = postfix
        mode = 0660
      }
      user = doveauth
      group = dovecot
    }
    service auth-worker {
      user = doveauth
      group = dovecot
    }
    ...

When I start Dovecot,

    ls -al /var/run/dovecot/auth-*
    /bin/ls: No match.

    service dovecot-custom start
    Starting Dovecot ... done

Dovecot's auth-process sockets are created with different ownership than what I specified,

    ls -al /var/run/dovecot/auth-*
    srw--- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-client
    srw--- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-login
    srw--- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-master
    srw--- 1 root    root 0 Oct 11 19:30 /var/run/dovecot/auth-userdb
    srw--- 1 dovecot root 0 Oct 11 19:30 /var/run/dovecot/auth-worker

Which causes problems when I test AUTH,

    telnet 127.0.0.1 143
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
    a login x...@domain.loc testpass
    a NO [UNAVAILABLE] Temporary authentication failure.
    * OK Waiting for authentication process to respond..
In logs,

    == /var/log/dovecot/dovecot-debug.log ==
    Oct 11 19:32:11 auth: Debug: Loading modules from directory: /usr/lib64/dovecot/modules/auth
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libauthdb_ldap.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_mysql.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_pgsql.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libdriver_sqlite.so
    Oct 11 19:32:11 auth: Debug: Module loaded: /usr/lib64/dovecot/modules/auth/libmech_gssapi.so
    Oct 11 19:32:11 auth: Debug: auth client connected (pid=2397)
    Oct 11 19:32:17 auth: Debug: client in: AUTH1 PLAIN service=imapsecured lip=127.0.0.1 rip=127.0.0.1 lport=143 rport=47016 resp=hidden

    == /var/log/dovecot/dovecot.log ==
    Oct 11 19:32:17 auth: Fatal: net_connect_unix(auth-worker) in directory /var/run/dovecot failed: Permission denied (euid=1101(doveauth) egid=305(dovecot) missing +r perm: /var/run/dovecot/auth-worker, dir owned by 305:305 mode=0755)

What needs to change to get those sockets created with correct/assigned ownership perms?
Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
On Tuesday, October 11, 2011 7:53 PM, Paul B. Henson hen...@acm.org wrote:

> You need an extra piece here:
>
>     service auth-worker {
>       user = $default_internal_user
>       unix_listener auth-worker {
>         user = postfix
>       }
>     }

Maybe being too literal, or misunderstanding your 'extra', I changed to,

    ...
    service auth-worker {
    #  user = doveauth
    #  group = dovecot
      user = $default_internal_user
      unix_listener auth-worker {
        user = postfix
      }
    }
    ...

At

    telnet 127.0.0.1 143

etc I get the same FAIL as above.

But, if first I

    chown doveauth:dovecot /var/run/dovecot/auth-worker

then

    telnet 127.0.0.1 143
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
    a login x...@domain.loc testpass
    a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in
    ...

succeeds.
Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
It was *not* easy to figure that out; none of the postfix/dovecot how-to's have been updated for dovecot 2.

Fwiw, this looks useful

    Authentication process user
    http://wiki2.dovecot.org/UserIds

Trying to get those $default_... redefined. No luck yet.
Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
On Tue, Oct 11, 2011 at 08:20:13PM -0700, mephistophe...@operamail.com wrote:

> Maybe being too literal, or misunderstanding your 'extra', I changed to,

Hmm, I just cut-and-pasted my config :), the missing piece was the unix_listener subconfig user, the user/group part in the service config didn't need to match mine exactly, although I think $default_internal_user is dovecot anyway.

> chown doveauth:dovecot /var/run/dovecot/auth-worker

Hmm, perhaps I misunderstood you? I thought you were trying to get SASL auth working with postfix? But you're demonstrating an imap connection. Ah, yes, I see in your original email you showed an imap connection too. I just saw the /var/spool/postfix/private/auth and user/group postfix parts of the config and made an assumption.

My config was for using Dovecot *just* to provide SASL authentication services to postfix for smtp auth, I'm not using any of its other features/services. Sorry for any confusion.

I'm curious though, why are you setting the auth stuff up to be owned by postfix if you're trying to authenticate dovecot imap processes? It seems you're mixing two different configs.

--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | hen...@csupomona.edu
California State Polytechnic University | Pomona CA 91768
Re: [Dovecot] dovecot2 auth-worker socket perms ignoring assigned ownership settings in conf.d/10-master.conf?
> Sorry for any confusion.

np. issue solved.

for my config,

    ...
    service auth-worker {
      user = doveauth
      unix_listener auth-worker {
        user = doveauth
      }
    }
    ...

then

    service dovecot-custom restart
    ls -al /var/run/dovecot/auth-worker
    srw--- 1 doveauth root 0 Oct 11 20:56 /var/run/dovecot/auth-worker

better. and,

    telnet 127.0.0.1 4143
    Trying 127.0.0.1...
    Connected to 127.0.0.1.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
    a login x...@domain.loc testpass
    a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS QUOTA ACL RIGHTS=texk] Logged in

> I'm curious though, why are you setting the auth stuff up to be owned by postfix if you're trying to authenticate dovecot imap processes? It seems you're mixing two different configs.

I'm converting to SQL from flatfiles (http://wiki2.dovecot.org/HowTo/VirtualUserFlatFilesPostfix). Just haven't gotten to making all the changes yet. Single-stepping through testing, got to IMAP and found this issue.

Thanks for the help!
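The permission failure from this thread's log and the effect of the final unix_listener change, reproduced as an added example (it is not part of any post in the thread and is not Dovecot's code). The function names are hypothetical, mode 0600 stands in for the truncated ls output, and uid 305 for the dovecot user is an assumption taken from the "dir owned by 305:305" part of the log.

```python
import os
import stat
from collections import namedtuple

# Effective credentials of the process that connects to the socket.
Cred = namedtuple("Cred", "euid egids")

def missing_perms(owner_uid, owner_gid, mode, cred, need="rw"):
    """Return the letters from `need` that `cred` lacks on an inode."""
    if cred.euid == 0:
        return ""                       # root bypasses the mode bits
    if cred.euid == owner_uid:
        bits = (mode >> 6) & 7          # owner class wins, even if stricter
    elif owner_gid in cred.egids:
        bits = (mode >> 3) & 7          # group class
    else:
        bits = mode & 7                 # everyone else
    have = {"r": bits & 4, "w": bits & 2, "x": bits & 1}
    return "".join(p for p in need if not have[p])

def audit_listener(path, cred):
    """Check a unix listener socket and its directory for `cred`."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path} is not a unix socket")
    d = os.stat(os.path.dirname(path) or ".")
    return {
        # connecting needs access to the socket inode itself ...
        "socket": missing_perms(st.st_uid, st.st_gid,
                                stat.S_IMODE(st.st_mode), cred),
        # ... and search (x) permission on the containing directory
        "dir": missing_perms(d.st_uid, d.st_gid,
                             stat.S_IMODE(d.st_mode), cred, need="x"),
    }

# Constructed values modelled on the thread: the auth process runs as
# euid=1101(doveauth) egid=305(dovecot), as reported in the Fatal log line.
DOVEAUTH = Cred(euid=1101, egids={305})

# Before: auth-worker owned by dovecot:root (uid 305 assumed), owner-only mode.
BEFORE = missing_perms(305, 0, 0o600, DOVEAUTH)
# After "unix_listener auth-worker { user = doveauth }": owned by doveauth:root.
AFTER = missing_perms(1101, 0, 0o600, DOVEAUTH)
# The directory (305:305, mode 0755) was never the problem.
DIR_SEARCH = missing_perms(305, 305, 0o755, DOVEAUTH, need="x")

if __name__ == "__main__":
    print("before fix, missing:", BEFORE or "nothing")
    print("after fix, missing:", AFTER or "nothing")
    print("directory, missing:", DIR_SEARCH or "nothing")
```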