[linux] dovecot 1.2 after upgrade
Martin Kyrc
martin.kyrc at gmail.com
Saturday April 2 23:43:31 CEST 2011
Hi all,
today I upgraded, among other things, dovecot (imapd) and I am fighting
with one problem, see below. In README.Debian, as well as on the dovecot
website, I read about the changes that came with the move from 1.0 to 1.1
and also to 1.2 (specifically I use 1.2.15-4, which I am running now -
debian stable).
I have users with unique uid/gid, but mail is handled in the form of
virtual accounts (with the same uid/gid). The user information,
including the path for virtual mail (/var/vmail/), is in ldap (the mail
directory is outside the user's home directory). Dovecot correctly picks
up the information about where the email should be delivered, and it is
delivered correctly with the correctly set uniform uid/gid. The problem
is in reading it over imap, because there the user logs in with his own
unique uid/gid and therefore has no access to /var/vmail/
(uid:gid = vmail:vmail).
In the previous version dovecot allowed defining a static uid/gid within
the ldap configuration (dovecot-ldap.conf) using 'user_global_uid' and
'user_global_gid'; in the new version this has moved to the global
dovecot configuration (dovecot.conf) as 'mail_uid' and 'mail_gid' (see:
http://wiki.dovecot.org/AuthDatabase/LDAP/Userdb, or
http://wiki.dovecot.org/Upgrading/1.1). It works when delivering email
to the store; there the defined mail_uid and mail_gid took effect. With
access over imap, however, it somehow does not get overridden. The
directory /var/vmail is chmod 700 and uid=5000.
I am also attaching the settings:
dovecot.conf:
## this replaces user_global_uid and user_global_gid
# System user and group used to access mails. If you use multiple,
# userdb can override these by returning uid or gid fields.
# You can use either numbers or names.
# </usr/share/doc/dovecot-common/wiki/UserIds.txt>
mail_uid = 5000
mail_gid = 5000
dovecot-ldap.conf:
user_attrs = maildrop=mail,mailQuota=quota
pass_attrs = uid=user,userPassword=password
(user_filter and pass_filter are not relevant, that works correctly)
# originally this was also active here, which is no longer possible in the new version:
# You can use same UID and GID for all user accounts if you really
# want to. If the UID/GID is still found from LDAP reply, it
# overrides these values.
#user_global_uid = 5000
#user_global_gid = 5000
and the log (imap access by the test user 'ferko'):
Apr 2 22:31:51 crete dovecot: imap-login: Login: user=<ferko>,
method=PLAIN, rip=192.168.254.5, lip=192.168.2.2, TLS
Apr 2 22:31:51 crete dovecot: IMAP(ferko): Effective uid=47882,
gid=513, home=/home/ferko
Apr 2 22:31:51 crete dovecot: IMAP(ferko): maildir: data=/var/vmail/ferko
Apr 2 22:31:51 crete dovecot: IMAP(ferko): maildir++:
root=/var/vmail/ferko, index=, control=, inbox=/var/vmail/ferko
Apr 2 22:31:52 crete dovecot: IMAP(ferko): Namespace : Using
permissions from /var/vmail/ferko: mode=0700 gid=-1
Apr 2 22:31:52 crete dovecot: IMAP(ferko): stat(/var/vmail/ferko/tmp)
failed: Permission denied (euid=47882(ferko) egid=513(Domain Users)
missing +x perm: /var/vmail/ferko)
'gid=-1' is probably there because it gets overridden (if I try to
set it from ldap, the user's real gid appears there).
Any ideas?
--
mk
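An added example, not part of the original post: a small Python check over Dovecot debug log lines like the ones above that flags IMAP sessions whose effective uid/gid differ from the mail_uid/mail_gid in dovecot.conf and lists the paths that returned Permission denied. The sample log is constructed from the post's lines with the e-mail wrapping undone; the second user 'jozko' and the function name audit are hypothetical.

```python
import re

# Values taken from the post's dovecot.conf (mail_uid / mail_gid).
EXPECTED_UID, EXPECTED_GID = 5000, 5000

# Constructed sample: the post's log lines with the e-mail line wrapping undone,
# plus one hypothetical session ("jozko") that runs under the shared vmail ids.
SAMPLE_LOG = """\
Apr 2 22:31:51 crete dovecot: imap-login: Login: user=<ferko>, method=PLAIN, rip=192.168.254.5, lip=192.168.2.2, TLS
Apr 2 22:31:51 crete dovecot: IMAP(ferko): Effective uid=47882, gid=513, home=/home/ferko
Apr 2 22:31:51 crete dovecot: IMAP(ferko): maildir: data=/var/vmail/ferko
Apr 2 22:31:52 crete dovecot: IMAP(ferko): stat(/var/vmail/ferko/tmp) failed: Permission denied (euid=47882(ferko) egid=513(Domain Users) missing +x perm: /var/vmail/ferko)
Apr 2 22:40:02 crete dovecot: IMAP(jozko): Effective uid=5000, gid=5000, home=/home/jozko
Apr 2 22:40:02 crete dovecot: IMAP(jozko): maildir: data=/var/vmail/jozko
"""

EFFECTIVE = re.compile(r"IMAP\((?P<user>[^)]+)\): Effective uid=(?P<uid>\d+), gid=(?P<gid>\d+)")
DENIED = re.compile(r"IMAP\((?P<user>[^)]+)\): (?P<call>\w+)\((?P<path>[^)]+)\) failed: "
                    r"Permission denied \(euid=(?P<euid>\d+)")


def audit(log_text, expected_uid=EXPECTED_UID, expected_gid=EXPECTED_GID):
    """Return {user: {"uid", "gid", "mismatch", "denied": [paths]}} per IMAP user."""
    report = {}
    for line in log_text.splitlines():
        m = EFFECTIVE.search(line)
        if m:
            uid, gid = int(m["uid"]), int(m["gid"])
            report[m["user"]] = {
                "uid": uid, "gid": gid,
                "mismatch": (uid, gid) != (expected_uid, expected_gid),
                "denied": [],
            }
            continue
        m = DENIED.search(line)
        if m:
            # A denial seen without a preceding "Effective uid" line still gets an entry.
            euid = int(m["euid"])
            entry = report.setdefault(m["user"], {"uid": euid, "gid": None,
                                                  "mismatch": euid != expected_uid, "denied": []})
            entry["denied"].append(m["path"])
    return report


if __name__ == "__main__":
    for user, info in audit(SAMPLE_LOG).items():
        state = "MISMATCH" if info["mismatch"] else "ok"
        print(f"{user}: uid={info['uid']} gid={info['gid']} {state} denied={info['denied']}")
```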