Dovecot: Permission denied - after reboot changed owner

After every reboot I see in maillog:
Code:
    May 10 10:17:57 akira dovecot: auth: Fatal: net_connect_unix(auth-worker) in directory /var/run/dovecot failed: Permission denied (euid=65534(nobody) egid=65534(nobody) missing +r perm: /var/run/dovecot/auth-worker, dir owned by 0:0 mode=0755)


This helps:

chown nobody:nobody /var/run/dovecot/auth-worker

because dovecot works under nobody.

Can somebody explain to me why the owner changes?

I had an idea to change the owner by editing the file /etc/mtree/BSD.var.dist, adding:

Code:
      run
            named           uname=bind gname=bind
            ..
            ppp             gname=network mode=0770
            ..
            wpa_supplicant
            ..
            dovecot         uname=nobody gname=nobody
            ..

But after reboot - again:

Code:
     # ls -la /var/run/
    total 66
    drwxr-xr-x   9 root        wheel         512 May 10 10:42 .
    drwxr-xr-x  26 root        wheel         512 May 10 13:41 ..
    ...
    drwxr-xr-x   4 root        wheel         512 May 10 10:42 dovecot


What am I doing wrong?

P.S. sorry for my English :-)
 
Hello, check the Dovecot configuration files (usually this setting is in 10-master.conf). There you need to find service auth-worker and comment out
Code:
user = root
After that it will run under the dovecot user. If you need it to run under nobody, just set it to nobody.

Code:
service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn't necessary, the user should be changed to
  # $default_internal_user.
  #user = root
}

Hope it helps you.
 
Hi! Thanks for the reply, but:

Code:
 # locate 10-master.conf
/usr/local/share/doc/dovecot/example-config/conf.d/10-master.conf

I think Dovecot doesn't use this file.

Then I ran:
Code:
# less /usr/local/etc/dovecot/dovecot.conf | grep root

and there is nothing about root.

About auth-worker, here is part of dovecot.conf:

Code:
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    mode = 0666
  }
  user = dovecot
}

But it doesn't help :-(
 