I've been suffering a permission problem in Postfix/Dovecot for a couple of days now. The setup is using virtual domains and users, so the path to user's home is /var/mail/<domain>/<user>; and the path to MailDir is /var/mail/<domain>/<user>/MailDir.
The mail logs continue to show a Permission Denied:
Apr 3 05:44:16 debian-x2 postfix/virtual[5670]: D6DDD1780100: to=<jeff@deltoid.com>,
relay=virtual, delay=0.15, delays=0.1/0.01/0/0.04, dsn=4.2.0, status=deferred
(maildir delivery failed: create maildir file
/var/mail/deltoid.com/jeff/Maildir/tmp/1396518256.P5670.debian-x2: Permission denied)
Permissions are as follows:
# ls -l /var/mail/
total 96
drw-rws--- 4 vmail vmail 4096 Apr 2 18:19 deltoid.com
-rw-rw---- 1 nobody mail 80586 Apr 2 07:45 nobody
# ls -l /var/mail/deltoid.com/
total 12
drw-rws--- 3 vmail vmail 4096 Apr 3 04:47 jeff
drw-rws--- 3 vmail vmail 4096 Apr 3 04:47 support
-rw-rws--- 1 vmail vmail 122 Apr 2 03:33 users
# ls -l /var/mail/deltoid.com/jeff/
total 4
drw-rws--- 2 vmail vmail 4096 Apr 3 04:47 Maildir
# ls -l /var/mail/deltoid.com/jeff/Maildir/
total 0
vmail is both a user and group, and it's set to id 5000:
# id -u vmail
5000
postfix and dovecot are both in the vmail group:
# members vmail
vmail postfix dovecot
And Postfix's main.conf:
# Mailbox location
virtual_mailbox_base = /var/mail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
I have a little script that attempts to set the proper permission bits, but it's apparently wrong:
# Ensure permissions are set on directories
chown -R vmail:vmail /var/mail/*.com
chmod -R 0660 /var/mail/*.com
chmod -R g+rwxs /var/mail/*.com
# chown -R dovecot:dovecot /var/mail/*.com/users
I got the chmod -R g+rwxs from SuperUser questions on setting directory permissions and having subdirectories and files inherit those permissions (for example, How to set file permissions so that new files inherit same permissions?, Setting default permissions for newly created files and sub-directories under a directory in Linux?, and How to make new file permission inherit from the parent directory?).
Two questions:
- What is wrong with the current permissions?
- What are the permissions supposed to be?
Best Answer
The permissions drw-rws--- on directories are wrong because even the owner of the directory cannot go into them, due to the lack of the x bit (=1 when using the numeric form).

You can test this by yourself by doing this as a normal user (not root):
I think that these lines in your current script:
should be instead:
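As an added example (not part of the answer above, and not the answerer's corrected script lines): delivery runs as uid 5000, the owner of the tree, so only the owner bits are consulted and the group's x bit does not help. The sketch below walks a path level by level and reports the first directory whose owner lacks the search bit; the temporary tree and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). The tree below is a constructed
# copy of the question's layout; run the check as root against a real /var/mail.

# Recreate the listed mode drw-rws--- (octal 2670) on each level, deepest first
# so the parent is still searchable while its child is changed.
make_sample_tree() {
    mkdir -p "$1/deltoid.com/jeff/Maildir" &&
    chmod 2670 "$1/deltoid.com/jeff/Maildir" &&
    chmod 2670 "$1/deltoid.com/jeff" &&
    chmod 2670 "$1/deltoid.com"
}

# Walk from base directory $1 down the relative path $2 and print the first
# directory whose owner has no search (x) bit. Returns 1 if every level is fine.
first_blocking_dir() {
    cur=$1
    rest=$2
    while :; do
        [ -d "$cur" ] || { echo "not a directory: $cur" >&2; return 2; }
        # -prune limits find to $cur itself; -perm -100 means "owner x is set".
        if [ -n "$(find "$cur" -prune ! -perm -100 -print)" ]; then
            printf '%s\n' "$cur"
            return 0
        fi
        [ -n "$rest" ] || return 1
        cur=$cur/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# Add the owner search bit level by level until the whole path can be traversed.
grant_owner_search() {
    while blocked=$(first_blocking_dir "$1" "$2"); do
        chmod u+x "$blocked" || return 1
    done
}

demo=$(mktemp -d)
make_sample_tree "$demo"
echo "blocked at: $(first_blocking_dir "$demo" deltoid.com/jeff/Maildir)"
grant_owner_search "$demo" deltoid.com/jeff/Maildir
first_blocking_dir "$demo" deltoid.com/jeff/Maildir || echo "path is traversable"
rm -rf "$demo"
```

The walk stops at the first blocked level because an unprivileged caller cannot inspect anything below it, which is the same point at which the delivery attempt in the log fails.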