auth_socket_path permissiones

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

auth_socket_path permissiones

Antares
Hello,
I'm using dovecot 1.0 under debian etch.

The lda socket path is set to:
auth_socket_path = /var/spool/postfix/private/auth

But this gives me the error:
net_connect(/var/spool/postfix/private/auth) failed: Permission denied

I suppose deliver is run as dovecot user.
I read about running deliver as root with the suid bit set. I'm not quite sure
if this is a good solution. Is there any other way.
In the wiki says:
"Most MTAs won't let you run deliver as root, so for now you'll need to make
it setuid root. However deliver isn't designed to be run as setuid-root"

My MTA is postfix, does someone know if postfix let me run deliver as root? If
not, should I go to the setuid option?

Thank you.

--
Adrián Ribao Martínez

signature.asc (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: auth_socket_path permissiones

Charles Marcus
On 5/22/2008, Adrián Ribao Martínez ([hidden email]) wrote:
> The lda socket path is set to:
> auth_socket_path = /var/spool/postfix/private/auth
>
> But this gives me the error:
> net_connect(/var/spool/postfix/private/auth) failed: Permission denied

Please provide full dovecot -n output, not snips from config files
(dovecot may not be using the setting you think it is)...

--

Best regards,

Charles
Reply | Threaded
Open this post in threaded view
|

Re: auth_socket_path permissiones

Jens Dönhoff-3
In reply to this post by Antares
Hi.

--On Thursday, May 22, 2008 02:32:06 PM +0200 Adrián Ribao Martínez
<[hidden email]> wrote:

> The lda socket path is set to:
> auth_socket_path = /var/spool/postfix/private/auth

If you need the auth socket only for one user, just set the correct
permissions.

Postfix can run the deliver process as the dovecot user. For more info
see <http://wiki.dovecot.org/LDA/Postfix>.

> My MTA is postfix, does someone know if postfix let me run deliver as
> root? If  not, should I go to the setuid option?

It depends on your setup, I guess. Another feasible option might be
using filesystem ACLs for the auth socket.

Greetings,

Jens
Reply | Threaded
Open this post in threaded view
|

Re: auth_socket_path permissiones

Antares
In reply to this post by Charles Marcus
El Jueves, 22 de Mayo de 2008, Charles Marcus escribió:
> On 5/22/2008, Adrián Ribao Martínez ([hidden email]) wrote:
> > The lda socket path is set to:
> > auth_socket_path = /var/spool/postfix/private/auth
> >
> > But this gives me the error:
> > net_connect(/var/spool/postfix/private/auth) failed: Permission denied
>
> Please provide full dovecot -n output, not snips from config files
> (dovecot may not be using the setting you think it is)...

Here you go:
# /etc/dovecot/dovecot.conf
Warning: mail_extra_groups setting was often used insecurely so it is now
deprecated, use mail_access_groups or mail_privileged_group instead
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: pop3 imap
login_dir: /var/run/dovecot/login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
mail_extra_groups: mail
mail_access_groups: mail
mail_location: mbox:~/mail/%n:INBOX=~/mail/%n/%n
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
auth default:
  realms: adrima.es universoheroes.com
  passdb:
    driver: pam
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 438
      user: postfix
      group: postfix
    master:


--
Adrián Ribao Martínez

signature.asc (196 bytes) Download Attachment