[prev in list] [next in list] [prev in thread] [next in thread] 

List:       postfix-users
Subject:    Re: please help, getting desperate
From:       Viktor Dukhovni <postfix-users () dukhovni ! org>
Date:       2018-07-31 14:09:19
Message-ID: BF3A7ACD-9D0F-4014-9B38-D3E1396135E0 () dukhovni ! org
[Download RAW message or body]



> On Jul 31, 2018, at 7:21 AM, Andras Kemeny <pdx@pdx.hu> wrote:
> 
> my virtual users are in LDAP, but they have their own UID and GID. since i don't \
> want to do a setuid script for the LDA (and obviously the LDA needs to run with the \
> correct permissions to be able to affect the target user's mailbox files), is there \
> a way to use the whole record object from the LDAP query (which contains the \
> uidNumber and gidNumber attributes) and use some kind of substitution in the \
> master.cf when specifying the user=UID:GID parameter? the current situation is: 
> dovecot   unix  -       n       n       -       -       pipe
> flags=ODRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -e -f ${sender} -d \
>                 ${user}
> - problem: vmail (uid 5000) is obviously not the UID associated with the dovecot

With dovecot virtual users, all the mail is typically stored under a
single user-id associated with the IMAP server.  Use the same user-id
for the pipe delivery agent.

I use the Postfix built-in virtual(8) delivery agent with a fixed uid/gid
via static virtual_{uid,gid}_maps:

  main.cf:
  indexed = ${default_database_type}:${config_directory}/
  virtual_mailbox_base = /var/spool/virtual
  virtual_mailbox_maps = ${indexed}vmbox
  virtual_uid_maps = static:504
  virtual_gid_maps = static:504

  $ getent passwd 504
  maildir:*:504:504:IMAP mailbox owner:/var/empty:/usr/sbin/nologin

but you can achieve the same effect with a suitable choice of "user="
for the pipe(8) transport (in my case that would be "maildir").

In dovecot.conf I have:

  # Same user for all mailboxes:
  #
  userdb {
    args = uid=504 gid=504 home=/var/spool/virtual mail=maildir:/var/spool/virtual/%n
    driver = static
  }

-- 
	Viktor.


[prev in list] [next in list] [prev in thread] [next in thread]