Re: [exim] New install EXIM + Dovecot - auth permission erro…

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMMGary Stainburn at <-
.MMJeremy Harris at ->
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] New install EXIM + Dovecot - auth permission error
Hi,

I may be totally wrong, but…

Gary Stainburn via Exim-users <exim-users@???> (Mi 01 Feb 2023 14:02:06 CET):
>   driver = dovecot
>   public_name = LOGIN
>   server_socket = /var/run/dovecot/auth-client
>   server_set_id = $auth1
>
> dovecot_plain:
>   driver = dovecot
>   public_name = PLAIN
>   server_socket = /var/run/dovecot/auth-client
>   server_set_id = $auth1

Sure about $auth1? Isn'tit $auth2 in case of the PLAIN driver?

> 2023-02-01 12:50:11 dovecot_login authenticator failed for hub.********
> ([10.1.1.103]) [**.**.**.**]: 435 Unable to authenticate at present: unable
> to connect to UNIX socket (/var/run/dovecot/auth-client): Permission denied

Yes, Exim connects to the socket as the Exim runtime user, but the
permissions on the socket are a way to tight.

I think, either set the socket to 666, or make 660 and assign it to a
group, Exim belongs to (though I'm not sure, if Exim "joins" its
supplementary groups (aka initgroups(3)) for auth purpose.)

I'm not sure about the security impact of widening the permissions on
this socket. In theory it can be used to do mass-checking of auth
credentials.

The permissions and ownership of the socket can be set in the dovecot
config file.

--
Heiko
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] New install EXIM + Dovecot - auth permission errorRe: [exim] New install EXIM + Dovecot - auth permission error->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)