Run chatmail-metadata and doveauth as vmail

CHANGELOG.md

@@ -2,6 +2,9 @@
 
 ## untagged 
 
+- Run chatmail-metadata and doveauth as vmail
+  ([#261](https://github.com/deltachat/chatmail/pull/261))
+
 - Apply systemd restrictions to echobot
   ([#259](https://github.com/deltachat/chatmail/pull/259))
 

chatmaild/src/chatmaild/doveauth.py

@@ -9,7 +9,6 @@ from socketserver import (
     StreamRequestHandler,
     ThreadingMixIn,
 )
-import pwd
 
 from .database import Database
 from .config import read_config, Config
@@ -191,9 +190,8 @@ class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer):
 
 def main():
     socket = sys.argv[1]
-    passwd_entry = pwd.getpwnam(sys.argv[2])
-    db = Database(sys.argv[3])
-    config = read_config(sys.argv[4])
+    db = Database(sys.argv[2])
+    config = read_config(sys.argv[3])
 
     class Handler(StreamRequestHandler):
         def handle(self):
@@ -209,7 +207,6 @@ def main():
         pass
 
     with ThreadedUnixStreamServer(socket, Handler) as server:
-        os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid)
         try:
             server.serve_forever()
         except KeyboardInterrupt:

chatmaild/src/chatmaild/metadata.py

@@ -1,5 +1,3 @@
-import pwd
-
 from pathlib import Path
 from threading import Thread, Event
 from socketserver import (
@@ -158,8 +156,7 @@ class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer):
 
 
 def main():
-    socket, username, vmail_dir = sys.argv[1:]
-    passwd_entry = pwd.getpwnam(username)
+    socket, vmail_dir = sys.argv[1:]
 
     vmail_dir = Path(vmail_dir)
 
@@ -192,7 +189,6 @@ def main():
     notifier.message_arrived_event.set()
 
     with ThreadedUnixStreamServer(socket, Handler) as server:
-        os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid)
         try:
             server.serve_forever()
         except KeyboardInterrupt:

cmdeploy/src/cmdeploy/__init__.py

@@ -478,6 +478,11 @@ def deploy_chatmail(config_path: Path) -> None:
         system=True,
     )
 
+    server.shell(
+        name="Fix file owner in /home/vmail",
+        commands=["test -d /home/vmail && chown -R vmail:vmail /home/vmail"],
+    )
+
     apt.update(name="apt update", cache_time=24 * 3600)
 
     apt.packages(

cmdeploy/src/cmdeploy/dovecot/auth.conf

@@ -1,4 +1,4 @@
-uri = proxy:/run/dovecot/doveauth.socket:auth
+uri = proxy:/run/doveauth/doveauth.socket:auth
 iterate_disable = yes
 default_pass_scheme = plain
 # %E escapes characters " (double quote), ' (single quote) and \ (backslash) with \ (backslash).

cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2

@@ -78,7 +78,7 @@ mail_privileged_group = vmail
 ##
 
 # Pass all IMAP METADATA requests to the server implementing Dovecot's dict protocol.
-mail_attribute_dict = proxy:/run/dovecot/metadata.socket:metadata
+mail_attribute_dict = proxy:/run/chatmail-metadata/metadata.socket:metadata
 
 # Enable IMAP COMPRESS (RFC 4978).
 # <https://datatracker.ietf.org/doc/html/rfc4978.html>

cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f

@@ -2,9 +2,11 @@
 Description=Chatmail dict proxy for IMAP METADATA
 
 [Service]
-ExecStart={execpath} /run/dovecot/metadata.socket vmail /home/vmail/mail/{mail_domain}
+ExecStart={execpath} /run/chatmail-metadata/metadata.socket /home/vmail/mail/{mail_domain}
 Restart=always
 RestartSec=30
+User=vmail
+RuntimeDirectory=chatmail-metadata
 
 [Install]
 WantedBy=multi-user.target

cmdeploy/src/cmdeploy/service/doveauth.service.f

@@ -2,9 +2,11 @@
 Description=Chatmail dict authentication proxy for dovecot
 
 [Service]
-ExecStart={execpath} /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite {config_path}
+ExecStart={execpath} /run/doveauth/doveauth.socket /home/vmail/passdb.sqlite {config_path}
 Restart=always
 RestartSec=30
+User=vmail
+RuntimeDirectory=doveauth
 
 [Install]
 WantedBy=multi-user.target