Recently I got a Dovecot Permission denied error:
Jan 09 10:43:15 imap([email protected])<764608><vjwbhPBH+F3F2nS+>: Error: Mailbox INBOX: open(/home/exampleuser/mail/example.com/usermailbox/dovecot.index.log) failed: Permission denied (euid=1008(exampleuser) egid=8(mail) missing +r perm: /home/exampleuser/mail/example.com/usermailbox/dovecot.index.log
It came out of nowhere. While researching, I found these solutions, which I would like to share for anyone with the same issue. By checking the permissions, where the user kept changing to a number, and thanks to sahsanu's post "Exim not listening on external IP for port 587 - #13 by sahsanu", I realized what was wrong. These are the steps I had to take, in detail:
What namei -mo is showing you is permissions on each path component.
The only difference between your current output and the desired one is here:
CURRENT:
drwxr-x--x root root exampleuser
drwxr-x--x root root mail
DESIRED:
drwxr-xr-x root root exampleuser
drwxr-xr-x root root mail
So you just need to add read permission (r) for “others” on two directories.
What to change
Fix /home/exampleuser permissions
Current:
drwxr-x--x root root /home/exampleuser
Desired:
drwxr-xr-x root root /home/exampleuser
Run:
sudo chmod o+r /home/exampleuser
Fix /home/exampleuser/conf/mail permissions
Current:
drwxr-x--x root root /home/exampleuser/conf/mail
Desired:
drwxr-xr-x root root /home/exampleuser/conf/mail
Run:
sudo chmod o+r /home/exampleuser/conf/mail
Verify
After that, check again:
namei -mo /etc/exim4/domains/example.com/passwd
You should now see exactly:
drwxr-xr-x root root exampleuser
drwxr-xr-x root root mail
Why this matters (Exim/Dovecot context)
- Exim (Debian-exim) needs execute (x) + read (r) on all parent directories to reach: /home/exampleuser/conf/mail/example.com/passwd
- Without r on those directories, Exim can fail authentication with vague errors.
Your file ownership and permissions here are already correct and secure:
-rw-rw---- dovecot mail passwd
No need to change that.
What the error means (line by line)
stat(.../.Drafts/tmp) failed: Permission denied
Dovecot tried to access the tmp directory inside .Drafts.
euid=1008(exampleuser) egid=8(mail)
Dovecot is running as:
- user: exampleuser
- group: mail
missing +x perm: /home/exampleuser/mail/example.com/usermailbox/.Drafts
Execute (x) permission is missing on .Drafts
dir owned by 770:8 mode=0700
- Owner UID 770 (not exampleuser!)
- Group mail (8)
- Permissions 0700 → only the owner can access
So even though the group is correct, group has zero permissions.
Correct & secure permissions for Maildir
Maildir rule (important)
Every directory in a Maildir must have x permission for the user/group accessing it.
Standard, safe setup:
- Owner: mailbox owner
- Group: mail
- Mode: 0770 (or 0750)
FIX (recommended)
Fix ownership of the mailbox
The UID 770 is wrong. The mailbox should belong to exampleuser.
sudo chown -R exampleuser:mail /home/exampleuser/mail/example.com/usermailbox
Fix permissions on all Maildir folders
sudo find /home/exampleuser/mail/example.com/usermailbox -type d -exec chmod 0770 {} \;
This ensures:
- owner = full access
- group = full access
- others = no access (secure)
Fix files permissions (important)
sudo find /home/exampleuser/mail/example.com/usermailbox -type f -exec chmod 0660 {} \;
Restart services
sudo systemctl restart dovecot
sudo systemctl restart exim4
Verify
Check the problematic directory:
namei -mo /home/exampleuser/mail/example.com/usermailbox/.Drafts/tmp
You should see:
drwxrwx--- exampleuser mail .Drafts
drwxrwx--- exampleuser mail tmp
Hope this helps.
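
The manual check above (read the euid/egid from the Dovecot error, then compare them with each line of namei -mo) can be scripted. The following is an added example, not part of the original post: it applies the owner, then group, then other rule to every path component and lists the ones that block the given uid/gid. The function names and the script name check_path.sh are hypothetical; it assumes GNU stat and readlink and ignores ACLs and supplementary groups.

```shell
#!/bin/sh
# Added example, not part of the original post. Lists every component of a
# path that a given numeric uid/gid cannot pass, judged from mode bits only.
# Assumptions: GNU stat and readlink; a single gid (the egid from the log);
# POSIX ACLs and supplementary groups are ignored.

# perm_digit MODE OWNER_UID OWNER_GID UID GID
# Prints the rwx digit (0-7) of the one class that applies. The first match
# wins, so group bits never rescue an owner whose own bits are 0.
perm_digit() {
    m=$(( 0$1 ))                      # octal string from stat, e.g. 700
    if   [ "$4" -eq "$2" ]; then echo $(( (m >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then echo $(( (m >> 3) & 7 ))
    else                         echo $(( m & 7 ))
    fi
}

# blocked_components PATH UID GID
# Walks from PATH up to /. Directories need search (x); a file leaf needs r.
# Prints "<path> owner=U:G mode=M missing=+x|+r" per blocking component.
blocked_components() {
    want_uid=$2; want_gid=$3
    p=$(readlink -f "$1") || return 2  # resolve symlinks first
    while :; do
        st=$(stat -c '%a %u %g' "$p") || return 2
        set -- $st                     # $1=mode $2=owner uid $3=owner gid
        d=$(perm_digit "$1" "$2" "$3" "$want_uid" "$want_gid")
        if [ -d "$p" ]; then need=1; flag=+x; else need=4; flag=+r; fi
        [ $(( d & need )) -ne 0 ] ||
            echo "$p owner=$2:$3 mode=0$1 missing=$flag"
        [ "$p" = / ] && break
        p=$(dirname "$p")
    done
}

# Run as root so stat can reach every component, for example
# (check_path.sh is a placeholder name for this script):
#   sh check_path.sh /home/exampleuser/mail/example.com/usermailbox/.Drafts/tmp 1008 8
if [ $# -eq 3 ]; then
    blocked_components "$@"
fi
```

No output means the mode bits alone do not explain the denial for that uid/gid.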