From 5e55cc205d4359d26fa0a3b0b0d628bc0fb5d1b5 Mon Sep 17 00:00:00 2001 From: link2xt Date: Fri, 29 Mar 2024 04:45:09 +0000 Subject: [PATCH] Run chatmail-metadata and doveauth as vmail --- CHANGELOG.md | 3 +++ chatmaild/src/chatmaild/doveauth.py | 7 ++----- chatmaild/src/chatmaild/metadata.py | 6 +----- cmdeploy/src/cmdeploy/__init__.py | 5 +++++ cmdeploy/src/cmdeploy/dovecot/auth.conf | 2 +- cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 | 2 +- cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f | 4 +++- cmdeploy/src/cmdeploy/service/doveauth.service.f | 4 +++- 8 files changed, 19 insertions(+), 14 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e4448bd..6912069 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## untagged +- Run chatmail-metadata and doveauth as vmail + ([#261](https://github.com/deltachat/chatmail/pull/261)) + - Apply systemd restrictions to echobot ([#259](https://github.com/deltachat/chatmail/pull/259)) diff --git a/chatmaild/src/chatmaild/doveauth.py b/chatmaild/src/chatmaild/doveauth.py index 25d8026..138fb0c 100644 --- a/chatmaild/src/chatmaild/doveauth.py +++ b/chatmaild/src/chatmaild/doveauth.py @@ -9,7 +9,6 @@ from socketserver import ( StreamRequestHandler, ThreadingMixIn, ) -import pwd from .database import Database from .config import read_config, Config @@ -191,9 +190,8 @@ class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer): def main(): socket = sys.argv[1] - passwd_entry = pwd.getpwnam(sys.argv[2]) - db = Database(sys.argv[3]) - config = read_config(sys.argv[4]) + db = Database(sys.argv[2]) + config = read_config(sys.argv[3]) class Handler(StreamRequestHandler): def handle(self): @@ -209,7 +207,6 @@ def main(): pass with ThreadedUnixStreamServer(socket, Handler) as server: - os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid) try: server.serve_forever() except KeyboardInterrupt: 
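Review bot: In the second doveauth.py hunk (`main()`), the positional arguments shift down by one but are still read by index, so a unit file that still passes the old `vmail` argument would not fail fast: `vmail` would reach `Database(...)` and the database path would reach `read_config(...)`. What `Database` does with a path that does not exist is not visible here, so the exact outcome is uncertain. A strict unpack, as the metadata.py hunk of this patch already uses, would reject the wrong argument count immediately: `socket, db_path, config_path = sys.argv[1:]`. Because the socket is no longer chowned after binding, a short comment in `main()` saying that ownership now comes from the unit's `User=vmail` and `RuntimeDirectory=` would help the next reader. `main()` continues past the end of the hunk.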
diff --git a/chatmaild/src/chatmaild/metadata.py b/chatmaild/src/chatmaild/metadata.py index b6b3565..45fa8cb 100644 --- a/chatmaild/src/chatmaild/metadata.py +++ b/chatmaild/src/chatmaild/metadata.py @@ -1,5 +1,3 @@ -import pwd - from pathlib import Path from threading import Thread, Event from socketserver import ( @@ -158,8 +156,7 @@ class ThreadedUnixStreamServer(ThreadingMixIn, UnixStreamServer): def main(): - socket, username, vmail_dir = sys.argv[1:] - passwd_entry = pwd.getpwnam(username) + socket, vmail_dir = sys.argv[1:] vmail_dir = Path(vmail_dir) @@ -192,7 +189,6 @@ def main(): notifier.message_arrived_event.set() with ThreadedUnixStreamServer(socket, Handler) as server: - os.chown(socket, uid=passwd_entry.pw_uid, gid=passwd_entry.pw_gid) try: server.serve_forever() except KeyboardInterrupt: diff --git a/cmdeploy/src/cmdeploy/__init__.py b/cmdeploy/src/cmdeploy/__init__.py index 92750f3..cae7885 100644 --- a/cmdeploy/src/cmdeploy/__init__.py +++ b/cmdeploy/src/cmdeploy/__init__.py @@ -478,6 +478,11 @@ def deploy_chatmail(config_path: Path) -> None: system=True, ) + server.shell( + name="Fix file owner in /home/vmail", + commands=["test -d /home/vmail && chown -R vmail:vmail /home/vmail"], + ) + apt.update(name="apt update", cache_time=24 * 3600) apt.packages( diff --git a/cmdeploy/src/cmdeploy/dovecot/auth.conf b/cmdeploy/src/cmdeploy/dovecot/auth.conf index 304404a..4abcdfb 100644 --- a/cmdeploy/src/cmdeploy/dovecot/auth.conf +++ b/cmdeploy/src/cmdeploy/dovecot/auth.conf @@ -1,4 +1,4 @@ -uri = proxy:/run/dovecot/doveauth.socket:auth +uri = proxy:/run/doveauth/doveauth.socket:auth iterate_disable = yes default_pass_scheme = plain # %E escapes characters " (double quote), ' (single quote) and \ (backslash) with \ (backslash). diff --git a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 index 55baac3..290596d 100644 --- a/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 
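Review bot: In the cmdeploy/__init__.py hunk, `test -d /home/vmail && chown -R vmail:vmail /home/vmail` exits non-zero when the directory is absent, which would presumably fail the operation on a host where the home directory has not been created yet. `if [ -d /home/vmail ]; then chown -R -h vmail:vmail /home/vmail; fi` keeps that case a no-op. The command also runs on every deploy, presumably as root, over a tree that the vmail-owned services can write, so `-h` (act on a symlink itself, never its target) is worth stating explicitly. If only files left behind by the previously root-run daemons need fixing (an inference, e.g. `/home/vmail/passdb.sqlite`), narrowing the chown to those would be safer still, and a comment should say why the fix is needed. `deploy_chatmail` starts and ends outside the hunk.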
+++ b/cmdeploy/src/cmdeploy/dovecot/dovecot.conf.j2 @@ -78,7 +78,7 @@ mail_privileged_group = vmail ## # Pass all IMAP METADATA requests to the server implementing Dovecot's dict protocol. -mail_attribute_dict = proxy:/run/dovecot/metadata.socket:metadata +mail_attribute_dict = proxy:/run/chatmail-metadata/metadata.socket:metadata # Enable IMAP COMPRESS (RFC 4978). # diff --git a/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f b/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f index 6d4bb9a..0ba43d9 100644 --- a/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f +++ b/cmdeploy/src/cmdeploy/service/chatmail-metadata.service.f @@ -2,9 +2,11 @@ Description=Chatmail dict proxy for IMAP METADATA [Service] -ExecStart={execpath} /run/dovecot/metadata.socket vmail /home/vmail/mail/{mail_domain} +ExecStart={execpath} /run/chatmail-metadata/metadata.socket /home/vmail/mail/{mail_domain} Restart=always RestartSec=30 +User=vmail +RuntimeDirectory=chatmail-metadata [Install] WantedBy=multi-user.target diff --git a/cmdeploy/src/cmdeploy/service/doveauth.service.f b/cmdeploy/src/cmdeploy/service/doveauth.service.f index c61e62e..43b6181 100644 --- a/cmdeploy/src/cmdeploy/service/doveauth.service.f +++ b/cmdeploy/src/cmdeploy/service/doveauth.service.f @@ -2,9 +2,11 @@ Description=Chatmail dict authentication proxy for dovecot [Service] -ExecStart={execpath} /run/dovecot/doveauth.socket vmail /home/vmail/passdb.sqlite {config_path} +ExecStart={execpath} /run/doveauth/doveauth.socket /home/vmail/passdb.sqlite {config_path} Restart=always RestartSec=30 +User=vmail +RuntimeDirectory=doveauth [Install] WantedBy=multi-user.target
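Review bot: Both unit hunks (chatmail-metadata.service.f and doveauth.service.f) add `User=vmail` and `RuntimeDirectory=` but leave the directory mode and the socket mode to defaults, and the Python side no longer touches the socket after binding. Who may reach the auth and metadata sockets is therefore decided by systemd's default runtime-directory mode (0755) and the inherited umask. Setting `RuntimeDirectoryMode=0750` and `UMask=0077` would make the access policy explicit and reviewable, provided the Dovecot processes that open these sockets run as vmail or root (not visible in this patch, so confirm first). The changelog context in this patch mentions systemd restrictions applied to echobot; whether the same hardening should apply to these two units is worth a follow-up.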