Re: [Dovecot] Userdb and home directories

2007-08-09 Thread Timo Sirainen
On Mon, 2007-08-06 at 11:23 +0100, Mike Brudenell wrote:

> [Quick side-question: should I be using $USER or $RESTRICTED_USER
> here?  I can't work out what the difference between them is.  Both
> are set within Dovecot's standard environment.]

If you're using system users they're the same. If you're using virtual
users $USER contains the virtual user and $RESTRICTED_USER contains the
system user.

> Is there some way of overriding the home directory used in the very
> early (imap-login?) process?  At present I can only think of either:
>
>  a) Edit /etc/passwd with a dummy home directory for all users to appease
>     the very early check, then use the postlogin script to set the real
>     home directory up for the main imap process, or
>
>  b) Edit the source code to do likewise.

c) Use checkpassword script for authentication and have it return a
different home directory.

I guess this has been asked often enough. v1.1 supports now this:

userdb passwd {
  args = home=/var/mail/%u
}

http://hg.dovecot.org/dovecot/rev/1cc70ab3482a





Re: [Dovecot] Userdb and home directories

2007-08-06 Thread Mike Brudenell

Greetings -

A lot of reading and testing has led me part-way to an answer.  If  
anyone can help me get all the way there I'll be really grateful: I  
only have 48 hours now before the system has to go live!


The problem...

We are using userdb passwd to get a user's details from our main  
NIS map.  This returns uid, gid and normal home directory for each user.


However for mail I don't make any use of the home directory, wanting  
a sealed black box environment that isn't dependent on our other  
file server with home directories on it: just the file server with  
the mail directories.


I understand now that I can change a user's home directory between  
the imap-login and imap processes by altering the configuration file  
to point at a script

mail_executable = /usr/local/dovecot/libexec/postlogin-script
and have the script alter the HOME environment variable:
HOME=`printf '/mailstore/control/%1.1s/%s/home' $USER $USER`

[Quick side-question: should I be using $USER or $RESTRICTED_USER  
here?  I can't work out what the difference between them is.  Both  
are set within Dovecot's standard environment.]


HOWEVER...

The problem I'm trying to avoid is having Dovecot refuse to log  
someone in if their home directory gives a Permission denied error  
(eg, when their home directory filer is in a funny state).  This test  
appears to be done very early on, in the imap-login process (I  
think): definitely before the post-login script runs.


Is there some way of overriding the home directory used in the very  
early (imap-login?) process?  At present I can only think of either:


a) Edit /etc/passwd with a dummy home directory for all users to appease
   the very early check, then use the postlogin script to set the real
   home directory up for the main imap process, or

b) Edit the source code to do likewise.

I keep hoping I've missed something and there is a cleaner way to  
override the value for home returned by the passwd userdb before its  
initial use in src/master/mail-process.c create_mail_process()


Any help gratefully received!

Cheers,
Mike B-)


On 3 Aug 2007, at 11:33, Mike Brudenell wrote:

> We use shadow for the passdb and passwd for the userdb (see dovecot
> -n output below).  I'm trying to work out how to override the home
> directory returned from NIS.  Ultimately I'd like to use this
> template:
>
> /mailstore/control/%1Ln/%Ln/home
>
> but for the time being while I'm trying to work out how to do it
> have my own area hard-coded in (as it's only me logging in to the
> test system):
>
> /mailstore/control/p/pmb1/home
>
> I'm specifying this with the args directive in the userdb section
> as follows:
>
>    args = home=/mailstore/control/p/pmb1/home
>
> but it isn't being picked up.  What am I doing wrong, please?
> (We want to continue using uids and gids etc from NIS so I don't
> think using the static userdb is the right thing to do?)


--
The Computing Service, University of York, Heslington, York Yo10 5DD, UK
Tel:+44-1904-433811  FAX:+44-1904-433740

* Unsolicited commercial e-mail is NOT welcome at this e-mail address. *
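The post-login wrapper Mike sketches above, written out as an added example (my script, not Mike's and not anything shipped with Dovecot). It derives HOME from $USER with the same printf trick, exports it, and then execs the real imap binary, which is what a mail_executable wrapper in Dovecot 1.0 has to do. The imap binary path, the MIN-style rejection of odd usernames, and the file layout under /mailstore/control are assumptions taken from the thread's description. As Mike observes, this can only affect the imap process: the chdir() into the userdb's home happens before mail_executable runs, so it does not cure the early Permission denied failure.

```shell
#!/bin/sh
# Added example of a Dovecot 1.0 post-login wrapper; not code from the thread.
# mail_executable points at this script, which runs with Dovecot's environment
# ($USER, $HOME, ...) and must exec the real imap binary when it is done.

# Assumed location of the real imap binary; adjust to the install prefix.
IMAP_BIN="${IMAP_BIN:-/usr/local/dovecot/libexec/dovecot/imap}"

# Map a username to its control-files home,
# /mailstore/control/<letter>/<user>/home, where <letter> is the first
# character of the username (the layout described in the thread).
# Anything that is not a plain username is refused so a crafted value
# cannot escape /mailstore/control; the posted username_chars setting
# already limits this, the check here is belt and braces.
mail_home_for() {
    u=$1
    case "$u" in
        ''|*/*|*..*|.*) return 1 ;;
    esac
    printf '/mailstore/control/%1.1s/%s/home\n' "$u" "$u"
}

# Replace HOME for the imap process and hand over to the real binary.
run_postlogin() {
    home=$(mail_home_for "$USER") || {
        echo "postlogin: refusing user '$USER'" >&2
        exit 1
    }
    HOME=$home
    export HOME
    cd "$HOME" || exit 1
    exec "$IMAP_BIN" "$@"
}

# Only hand over to imap when actually invoked by Dovecot (USER set and the
# binary present); sourcing this file elsewhere just defines the functions.
if [ -n "${USER:-}" ] && [ -x "$IMAP_BIN" ]; then
    run_postlogin "$@"
fi
```

Install it as the mail_executable target and make sure it is executable; Dovecot passes no arguments, so "$@" is only there so that the wrapper stays transparent if that ever changes.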




Re: [Dovecot] Userdb and home directories

2007-08-06 Thread Chris Wakelin

Mike Brudenell wrote:
> Greetings -
>
> A lot of reading and testing has led me part-way to an answer.  If
> anyone can help me get all the way there I'll be really grateful: I only
> have 48 hours now before the system has to go live!
>
> The problem...
>
> We are using userdb passwd to get a user's details from our main NIS
> map.  This returns uid, gid and normal home directory for each user.
>
> However for mail I don't make any use of the home directory, wanting a
> sealed black box environment that isn't dependent on our other file
> server with home directories on it: just the file server with the mail
> directories.

We use the NIS passwd map to generate a static passwd-file userdb
overnight (which only takes a few seconds), which we use for uid and gid
but override the home directory with the directory containing their
mbox. This appears to give much better performance, as Dovecot caches
the userdb in this case, whereas before we were getting NIS timeouts.

See http://www.dovecot.org/list/dovecot/2005-September/009331.html for
the history!

Hope this helps,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,   [EMAIL PROTECTED]
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK  Fax: +44 (0)118 975 3094
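Chris's nightly regeneration of a static passwd-file userdb, as an added example (my sketch, not his script). It reads passwd(5) lines such as `ypcat passwd` produces, keeps uid and gid, and rewrites only the home field to the mailstore control directory from the thread; the password column is left empty because the passdb stays shadow. The minimum uid, the output path and the sample passwd lines are constructed for the example.

```shell
#!/bin/sh
# Added example, not Chris Wakelin's script: build a Dovecot passwd-file
# userdb from the NIS passwd map with the home field replaced by
# /mailstore/control/<letter>/<user>/home.
# passwd-file format: user:password:uid:gid:gecos:home:shell[:extra]

# Turn passwd(5) lines on stdin into passwd-file lines on stdout.
# Skips malformed lines, non-alphanumeric usernames and accounts below
# MIN_UID (assumption: 1000) so system accounts never become mail users.
gen_userdb() {
    awk -F: -v min_uid="${MIN_UID:-1000}" 'BEGIN { OFS = ":" }
        NF >= 7 && $1 ~ /^[A-Za-z0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 + 0 >= min_uid {
            letter = substr($1, 1, 1)
            home = "/mailstore/control/" letter "/" $1 "/home"
            print $1, "", $3, $4, $5, home, $7
        }'
}

# Write to a temporary file and rename it, so Dovecot never reads a
# half-written userdb if the cron job is interrupted.
install_userdb() {
    out=$1
    tmp="$out.tmp.$$"
    gen_userdb > "$tmp" && chmod 0640 "$tmp" && mv "$tmp" "$out"
}

# Constructed sample of what `ypcat passwd` returns; not real NIS data.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/sh
pmb1:x:1234:100:Mike B:/home/p/pmb1:/bin/bash
jdoe:x:1235:100:J Doe:/home/j/jdoe:/bin/sh
bad line without enough fields
'

# Typical cron usage (assumed output path):
#   ypcat passwd | install_userdb /etc/dovecot/users
```

The matching userdb section would then be `userdb passwd-file { args = /etc/dovecot/users }` with the passdb left on shadow (path assumed); because the whole file is read once, Dovecot can serve lookups without touching NIS, which is the caching benefit Chris mentions.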


Re: [Dovecot] Userdb and home directories (clarification)

2007-08-03 Thread Mike Brudenell

Greetings -

I'm just feeling I need to clarify my previous message a bit to  
explain the problem better...


On 3 Aug 2007, at 11:33, Mike Brudenell wrote:

> We have two NetApp filers: one serves people's home directories;
> the other their message store and control files filestores.
>
> At the moment the first of the two filers is not accessible to my
> Dovecot system and I assumed all would be well because, as far as I
> knew, I wasn't using it at all.


We have two NetApp filers.  One serves people's real home  
directories, and the other is serving the mailstore.  The mailstore  
comprises two separate areas: one with quotas to store the messages  
in Maildir format; the second without quotas to store the control  
files for each user.  The general format of these are:


Message store:  /mailstore/messages/letter/username
Control files:  /mailstore/control/letter/username

where letter is the first character of the username

We want the mail service to operate as a black box, with all  
necessary files stored on its filer.


In particular we do not want anything storing within someone's home  
directory, and want the mail service to continue if the filer service  
home directories is unavailable.


I am using passdb shadow and userdb passwd to authenticate and  
get users' details.  These are being read from NIS, with each user  
having their own uid and gid.


Because it is the general NIS map its home directory field specifies  
the user's real home directory on the other filer.


Because I don't use %h anywhere in Dovecot's configuration I had  
assumed it did not use the home directory at all, and hence is  
independent of the other filer.  However this morning's issue has  
shown this is not the case...


As things stand Dovecot is using chdir() to move to the user's home  
directory, apparently in the early setup after logging in.  As the  
home directories are currently unavailable to my test Dovecot  
service, giving a Permission denied error, Dovecot is aborting the  
session and so I'm not able to read mail.


We can't have this for our production service so I'm trying to find  
out how to make things truly independent of the other (home  
directories) filer.  I've read in the Wiki that it's best to set up a  
home directory for users and will be happy to have this as a  
subdirectory below the control files' directory. For example


/mailstore/control/p/pmb1/home/...

However I can't find a way of telling Dovecot NOT to use the home  
directory returned from the userdb passwd lookup, and instead use  
the above.


I know setting the home directory is possible from userdb static,  
but we don't want everyone to use a single uid/gid: we want them each  
to use their own uids and gids so the filestore-based quotas work.


Can someone guide me in this please?
Either how to override the home directory setting, or an alternative  
way of configuring things to give the black box environment we are  
after?


With many thanks,
Mike B-)





[Dovecot] Userdb and home directories

2007-08-03 Thread Mike Brudenell

Greetings -

I've just discovered an oddity I didn't know I had...

We have two NetApp filers: one serves people's home directories; the  
other their message store and control files filestores.


At the moment the first of the two filers is not accessible to my  
Dovecot system and I assumed all would be well because, as far as I  
knew, I wasn't using it at all.


However in practice Dovecot DOES appear to be using it: it is trying  
to chdir() to my home directory when I login, finds it can't at the  
moment (because of a problem giving Permission denied), and closes  
the connection.


I've read the pages on home directories and the userdb on the Wiki  
and it advises that having a home directory is beneficial.  I'm happy  
to create a subdirectory for this within a user's control files  
directory, but do NOT want it on our normal filestore: we can't have  
mail inaccessible because a user's home directory is inaccessible  
because the other filer is out of action.


We use shadow for the passdb and passwd for the userdb (see dovecot -n
output below).  I'm trying to work out how to override the home
directory returned from NIS.  Ultimately I'd like to use this template:


/mailstore/control/%1Ln/%Ln/home

but for the time being while I'm trying to work out how to do it have  
my own area hard-coded in (as it's only me logging in to the test  
system):


/mailstore/control/p/pmb1/home

I'm specifying this with the args directive in the userdb section  
as follows:


   args = home=/mailstore/control/p/pmb1/home

but it isn't being picked up.  What am I doing wrong, please?
(We want to continue using uids and gids etc from NIS so I don't  
think using the static userdb is the right thing to do?)


Cheers,
Mike B-)

Output of dovecot -n

# 1.0.3: /usr/local/dovecot-1.0.3/etc/dovecot.conf
log_path: /logfiles/mail/live/dovecot
info_log_path: /logfiles/mail/live/dovecot-info
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/dovecot-1.0.3/libexec/dovecot/imap-login
login_log_format_elements: user=%Lu method=%m rip=%r lip=%l %c
login_process_per_connection: no
login_greeting_capability: yes
login_process_size: 64
login_processes_count: 10
max_mail_processes: 1
mail_location: maildir:/mailstore/messages/%1Ln/%Ln/Maildir:INDEX=/mailstore/index/%1Ln/%Ln:CONTROL=/mailstore/control/%1Ln/%Ln

maildir_copy_with_hardlinks: yes
mail_plugins: quota imap_quota
mail_log_prefix: [%p]%Us(%Lu):
imap_client_workarounds: delay-newmail outlook-idle
namespace:
  type: private
  separator: /
  inbox: yes
auth default:
  mechanisms: plain login
  cache_size: 1024
  cache_ttl: 600
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890

  username_format: %Ln
  passdb:
driver: shadow
  userdb:
driver: passwd
args: home=/mailstore/control/p/pmb1/home
plugin:
  quota: fs

