# Postfix/Dovecot: permission denied creating Maildir [SOLVED]

## VinzC

Hi.

I've installed postfix and Dovecot/IMAP, and I'm using Dovecot as the Local Delivery Agent. Virtual mail accounts are stored in an OpenLDAP directory. While I can successfully log on with IMAP, I get an error message when I try to send a message to one of my virtual user accounts:

```
Jul 15 00:08:01 mailhost postfix/smtpd[11352]: connect from mailhost.mydomain.local[192.168.1.32]
Jul 15 00:08:26 mailhost postfix/smtpd[11352]: B58CFB7031A: client=mailhost.mydomain.local[192.168.1.32]
Jul 15 00:08:39 mailhost postfix/cleanup[11355]: B58CFB7031A: message-id=<20080714220826.B58CFB7031A@mailhost.mydomain.local>
Jul 15 00:08:39 mailhost postfix/qmgr[9627]: B58CFB7031A: from=<testuser@hotmail.com>, size=361, nrcpt=1 (queue active)
Jul 15 00:08:39 mailhost dovecot: auth(default): master in: USER^I1^Itestuser@mydomain.local^Iservice=deliver
Jul 15 00:08:39 mailhost dovecot: auth(default): ldap(testuser@mydomain.local): user search: base=dc=mydomain, dc=local scope=subtree filter=(&(objectClass=mailAccount)(uid=testuser)) fields=homeDirectory,uidNumber,gidNumber
Jul 15 00:08:39 mailhost dovecot: auth(default): master out: USER^I1^Itestuser@mydomain.local^Iuid=1024^Igid=100^Ihome=/home/testuser
Jul 15 00:08:39 mailhost deliver(testuser@mydomain.local): setgid(100) failed with euid=500, gid=8, egid=8: Operation not permitted
Jul 15 00:08:39 mailhost postfix/pipe[11356]: B58CFB7031A: to=<testuser@mydomain.local>, orig_to=<testuser>, relay=dovecot, delay=18, delays=18/0.01/0/0.03, dsn=4.3.0, status=deferred (temporary failure)
Jul 15 00:08:42 mailhost postfix/smtpd[11352]: disconnect from mailhost.mydomain.local[192.168.1.32]
```

I have added these lines to /etc/postfix/main.cf:

```
# Dovecot LDA
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
```

I've added these lines to /etc/postfix/master.cf:

```
# Dovecot LDA
dovecot    unix  -       n       n       -       -       pipe
    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -d $recipient
```

and these lines to /etc/dovecot/dovecot.conf:

```
    # MDA Configuration
    protocol lda {
        postmaster_address = postmaster
        auth_socket_path = /var/run/dovecot/auth-master
    }
```

The error message described above appears also when the Maildir directory structure exists under /home/testuser/Maildir. I'm using Dovecot-1.0.13 and postfix-2.3.8.

Has anyone got an idea?

Thanks in advance.

----------

## cassiol

Hello,

Does the directory /home/testuser/Maildir have owner vmail:vmail?

----------

## VinzC

 *cassiol wrote:*   

> Hello,
> 
> Does the directory /home/testuser/Maildir have owner vmail:vmail?

 

No, it doesn't have that user for owner. But I think I've tried with that user as the owner and it didn't work. (I've tried a couple of combinations indeed.) I've also tested chmod 777 on that directory and it doesn't work either. What I'd like is postfix/dovecot to automatically create these directories. It looks like Dovecot/IMAP can (although it doesn't yet because of a permission problem, too).

I've followed this guide: http://www.vogelweith.com/debian_server/07_postfix.php because I found it quite well explained. I realize it has some errors though. The vmail account is mentioned in the guide.

----------

## cassiol

The Dovecot home page has a lot of documentation.

Maybe this will help you: http://wiki.dovecot.org/HowTo/DovecotOpenLdap

----------

## VinzC

Well, thanks a lot but I already went through the documentation without knowing exactly where to start. There are many how-tos all over the place, none of which present the same steps. There are plenty of ways.

So. I've tried to interpret the log files from the mail server and I guess the problem is that deliver wants to change the permissions of the mail files but is not allowed to because it's running in a non-root context. Setting the SUID bit with /var/lib/dovecot/deliver didn't change anything. Moreover it's supposed to create the Maildir directory if it doesn't exist but it doesn't!

For now the only way I could make it work (aka create my home directory and set permissions accordingly) was to set the SUID bit of /var/lib/dovecot/deliver *and* to allow everyone to write into /home/.

```
-rwsr-xr-x 1 root root 543016 2008-03-09 19:41 /usr/lib/dovecot/deliver
```

```
drwxrwxrwx 3 vmail mail 4096 2008-07-15 17:55 /home/
```

That means the process that tries to create the directories under /home/ is certainly *not* running with root privileges nor under the account vmail:mail otherwise it would create the directory tree, wouldn't it?

So there must be another way, right?

----------

## VinzC

I've finally succeeded in making this damn thing work. Setting the SUID bit for Dovecot's deliver allows it to create a mail user's home directory. Curiously enough, deliver first takes the identity of the user *before* it creates the Maildir structure. So I ended up allowing group users write access to the /home directory.

----------
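A log check for the failure discussed in this thread, added here as an example (not code from any poster or from Dovecot): it pairs the auth `master out` reply with deliver's `setgid`/`setuid` failure line and reports whether the logged process identity could have switched to the uid/gid the LDAP userdb returned. The function name and the simplified permission rule are assumptions; the sample lines are copied from the first post's log.

```python
import re

# Sample input: two lines copied from the log in the first post
# (syslog renders the TAB separators of the auth protocol as "^I").
SAMPLE_LOG = r"""
Jul 15 00:08:39 mailhost dovecot: auth(default): master out: USER^I1^Itestuser@mydomain.local^Iuid=1024^Igid=100^Ihome=/home/testuser
Jul 15 00:08:39 mailhost deliver(testuser@mydomain.local): setgid(100) failed with euid=500, gid=8, egid=8: Operation not permitted
"""

USERDB_RE = re.compile(r"master out: USER\^I\d+\^I(?P<user>[^^]+)\^I(?P<fields>.+)$")
FAIL_RE = re.compile(
    r"deliver\((?P<user>[^)]+)\): (?P<call>set[ug]id)\((?P<target>\d+)\) failed "
    r"with euid=(?P<euid>\d+), gid=(?P<gid>\d+), egid=(?P<egid>\d+)"
)

def diagnose(log_text):
    """Correlate userdb replies with deliver's identity-switch failures."""
    userdb, findings = {}, []
    for line in log_text.splitlines():
        m = USERDB_RE.search(line)
        if m:  # remember the uid/gid/home the userdb returned for this user
            pairs = (f.split("=", 1) for f in m["fields"].split("^I") if "=" in f)
            userdb[m["user"]] = dict(pairs)
            continue
        m = FAIL_RE.search(line)
        if not m:
            continue
        euid, gid, egid, target = (int(m[k]) for k in ("euid", "gid", "egid", "target"))
        # Assumption: saved IDs are not logged, so approximate the kernel rule:
        # root may switch to anything, others only to an ID they already hold.
        held = (gid, egid) if m["call"] == "setgid" else (euid,)
        reply = userdb.get(m["user"], {})
        findings.append({
            "user": m["user"], "call": m["call"], "target": target,
            "euid": euid, "gid": gid, "egid": egid,
            "userdb_uid": int(reply["uid"]) if "uid" in reply else None,
            "userdb_gid": int(reply["gid"]) if "gid" in reply else None,
            "permitted": euid == 0 or target in held,
        })
    return findings

if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f"{f['user']}: {f['call']}({f['target']}) from euid={f['euid']} "
              f"gid={f['gid']}; userdb wants uid={f['userdb_uid']} "
              f"gid={f['userdb_gid']}; permitted={f['permitted']}")
```
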

