Hello Axel,
but then I don't get it: I thought that "uid" and "gid" in the
user_query where used to access the local FS, whereas the "unix_listener
auth-userdb" are used to indicate under which owner/group must be auth-userdb
run... although maybe I'm wrong :-S :-)
What I'm looking forward to is to eliminate the need for returning
these two fixed items, as long as all the virtual_users will be using the same
uid and gid.
Does anybody know how can I do it??
Regards, and thank you!
Felix
> Date: Thu, 1 Aug 2013 17:50:33 +0200
> From: Axel Luttgens <axelluttg...@swing.be>
> To: Dovecot Mailing List <dovecot@dovecot.org>
> Subject: Re: [Dovecot] misconception in uid and gid
> Message-ID: <89ac3212-efe6-41e5-a22d-97dc8e771...@swing.be>
> Content-Type: text/plain; charset=iso-8859-1
>
> Le 1 ao?t 2013 ? 15:43, Felix Rubio Dalmau a ?crit :
>
> > [...]
> >
> > Nevertheless, if I remove the segments "'vmail' AS uid, 'vmail' AS gid" and
> > modify the file conf.d/10-mail.conf to show
> >
> > mail_uid = vmail
> > mail_gid = vmail
> >
> > I get this error:
> >
> > dovecot: auth: Error: userdb(<mail>): client doesn't have lookup
> > permissions for this user: userdb reply doesn't contain uid (change userdb
> > socket permissions)
> >
> > Does anybody know what is wrong in my set-up?
>
> Hello Felix,
>
> Yes and no...
> This still remains a bit unclear to me, but you could try something like this:
>
> service auth {
>
> unix_listener auth-userdb {
>
> # default: user = $default_internal_user
> group = vmail # default: group =
> mode = 0660 # default: mode = 0666
> }
> }
>
> The code has some provisions to avoid the auth-userdb to be too widely open,
> in spite of that default mode 0666. Changing that mode short-circuits those
> provisions, and the above is the most secure setting I could think of in the
> case of a single uid/gid setup.
>
> HTH,
> Axel
