[Dovecot] Fatal: chdir(homedir) failed: Permission denied

Καράμπης Παναγιώτης epp719 at epp.teicrete.gr
Sat Nov 13 18:00:53 EET 2004


hello all i run dovecot as my imap server on my university and squirrel as webmail. But squirrel returns an error:
ERROR : Connection dropped by imap-server
CAPABILITY
 
i tail my /var/log/dovecot and this is the output with whatever user i try to log in and view mails:
 
dovecot: Nov 13 17:51:27 Fatal: chdir(/home/epp719) failed with uid 2975: Permission denied
dovecot: Nov 13 17:51:27 Error: child 17554 (imap) returned error 89
----------------------------------------------------------------------
i give the:
root@(host edited):/root# ls -lad /home/epp719
drwx---r-x  4 epp719 users 368 2004-11-13 17:49 /home/epp719
and directory exists i tried also changing permissions on dir but same things happen.
both .qmail and Maildir exist in the home directory.

I attach the dovecot.conf file... any help is appreciated!
 
PS: Sorry about my english its not my native language.. oh i forgot squirrel gets data and attachments from mysql...
 
-------------- next part --------------
## Dovecot 1.0 configuration file

base_dir = /var/run/dovecot/

protocols = imap

imap_listen = *

# Disable SSL/TLS support.
ssl_disable = yes

disable_plaintext_auth = no

log_path = /var/log/dovecot

info_log_path = /var/log/dovecot.info

log_timestamp = "%b %d %H:%M:%S "

##
## Login processes
##

login_dir = /var/run/dovecot/login


login_chroot = yes



##
## IMAP login process
##

login = imap

# Executable location.
login_executable = /usr/local/libexec/dovecot/imap-login

login_user =  dovecot

login_process_size = 16

login_process_per_connection = yes

login_processes_count = 3

login_max_processes_count = 128

# logging in actually login_processes_count * max_logging_users.
login_max_logging_users = 256


##
## Mail processes
##

# Maximum number of running mail processes. When this limit is reached,
# new users aren't allowed to log in.
max_mail_processes = 1024

verbose_proctitle = yes


valid_chroot_dirs = /home/jail

# Default chroot directory for mail processes. This can be overridden by
# giving /./ in user's home directory (eg. /home/./user chroots into /home).

#mail_chroot = /spool/mail

# Default MAIL environment to use when it's not set. By leaving this empty
# dovecot tries to do some automatic detection as described in
# doc/mail-storages.txt. There's a few special variables you can use:
#
#   %u - username
#   %n - user part in user at domain, same as %u if there's no domain
#   %d - domain part in user at domain, empty if user there's no domain
#   %h - home directory
#
# You can also limit a width of string by giving the number of max. characters
# after the '%' character. For example %1u gives the first character of
# username. Some examples:
#
#
default_mail_env = maildir:/%h/Maildir

# Space-separated list of fields to cache for all mails. Currently these
# fields are allowed followed by a list of commands they speed up:
#
#  Envelope      - FETCH ENVELOPE and SEARCH FROM, TO, CC, BCC, SUBJECT,
#                  SENTBEFORE, SENTON, SENTSINCE, HEADER MESSAGE-ID,
#                  HEADER IN-REPLY-TO
#  Body          - FETCH BODY
#  Bodystructure - FETCH BODY, BODYSTRUCTURE
#  MessagePart   - FETCH BODY[1.2.3] (ie. body parts), RFC822.SIZE,
#                  SEARCH SMALLER, LARGER, also speeds up BODY/BODYSTRUCTURE
#                  generation. This is always set with mbox mailboxes, and
#                  also default with Maildir.
#
# Different IMAP clients work in different ways, that's why Dovecot by default
# only caches MessagePart which speeds up most operations. Whenever client
# does something where caching could be used, the field is automatically marked
# to be cached later. For example after FETCH BODY the BODY will be cached
# for all new messages. Normally you should leave this alone, unless you know
# what most of your IMAP clients are. Caching more fields than needed makes
# the index files larger and generate useless I/O.
#
# With maildir there's one extra optimization - if nothing is cached, indexing
# the maildir becomes much faster since it's not opening any of the mail files.
# This could be useful if your IMAP clients access only new mails.

#mail_cache_fields = MessagePart

# Space-separated list of fields that Dovecot should never set to be cached.
# Useful if you want to save disk space at the cost of more I/O when the fields
# needed.
#mail_never_cache_fields = 

# Workarounds for various client bugs:
#   oe6-fetch-no-newmail:
#     Never send EXISTS/RECENT when replying to FETCH command. Outlook Express
#     seems to think they are FETCH replies and gives user "Message no longer
#     in server" error. Note that OE6 still breaks even with this workaround
#     if synchronization is set to "Headers Only".
#   outlook-idle:
#     Outlook and Outlook Express never abort IDLE command, so if no mail
#     arrives in half a hour, Dovecot closes the connection. This is still
#     fine, except Outlook doesn't connect back so you don't see if new mail
#     arrives.
#client_workarounds = 

# Dovecot can notify client of new mail in selected mailbox soon after it's
# received. This setting specifies the minimum interval in seconds between
# new mail notifications to client - internally they may be checked more or
# less often. Setting this to 0 disables the checking.
# NOTE: Evolution client breaks with this option when it's trying to APPEND.
#mailbox_check_interval = 0

# Like mailbox_check_interval, but used for IDLE command.
#mailbox_idle_check_interval = 30

# Allow full filesystem access to clients. There's no access checks other than
# what the operating system does for the active UID/GID. It works with both
# maildir and mboxes, allowing you to prefix mailboxes names with eg. /path/
# or ~user/.
mail_full_filesystem_access = no

# Maximum allowed length for custom flag name. It's only forced when trying
# to create new flags.
#mail_max_flag_length = 50

# Save mails with CR+LF instead of plain LF. This makes sending those mails
# take less CPU, especially with sendfile() syscall with Linux and FreeBSD.
# But it also creates a bit more disk I/O which may just make it slower.
#mail_save_crlf = no

# Use mmap() instead of read() to read mail files. read() seems to be a bit
# faster with my Linux/x86 and it's better with NFS, so that's the default.
#mail_read_mmaped = no

# Copy mail to another folders using hard links. This is much faster than
# actually copying the file. This is problematic only if something modifies
# the mail in one folder but doesn't want it modified in the others. I don't
# know any MUA which would modify mail files directly. IMAP protocol also
# requires that the mails don't change, so it would be problematic in any case.
# If you care about performance, enable it.
#maildir_copy_with_hardlinks = no

# Check if mails' content has been changed by external programs. This slows
# down things as extra stat() needs to be called for each file. If changes are
# noticed, the message is treated as a new message, since IMAP protocol
# specifies that existing message are immutable.
#maildir_check_content_changes = no

# Which locking methods to use for locking mbox. There's three available:
#  dotlock: Create <mailbox>.lock file. This is the oldest and most NFS-safe
#           solution. If you want to use /var/mail/ like directory, the users
#           will need write access to that directory.
#  fcntl  : Use this if possible. Works with NFS too if lockd is used.
#  flock  : May not exist in all systems. Doesn't work with NFS.
#
# You can use both fcntl and flock too; if you do the order they're declared
# with is important to avoid deadlocks if other MTAs/MUAs are using both fcntl
# and flock. Some operating systems don't allow using both of them
# simultaneously, eg. BSDs. If dotlock is used, it's always created first.
#mbox_locks = dotlock fcntl flock
mbox_locks = fcntl flock

# Should we create dotlock file even when we want only a read-lock? Setting
# this to yes hurts the performance when the mailbox is accessed simultaneously
# by multiple processes, but it's needed for reliable reading if no other
# locking methods are available.
mbox_read_dotlock = no

# Maximum time in seconds to wait for lock (all of them) before aborting.
mbox_lock_timeout = 300

# If dotlock exists but the mailbox isn't modified in any way, override the
# lock file after this many seconds.
mbox_dotlock_change_timeout = 30

# umask to use for mail files and directories
umask = 0077

# Drop all privileges before exec()ing the mail process. This is mostly
# meant for debugging, otherwise you don't get core dumps. Note that setting
# this to yes means that log file is opened as the logged in user, which
# might not work. It could also be a small security risk if you use single UID
# for multiple users, as the users could ptrace() each others processes then.
#mail_drop_priv_before_exec = no

##
## IMAP process
##

# Executable location
imap_executable = /usr/local/libexec/dovecot/imap

# Set max. process size in megabytes. Most of the memory goes to mmap()ing
# files, so it shouldn't harm much even if this limit is set pretty high.
imap_process_size = 256

# Support for dynamically loadable modules.
#imap_use_modules = no
#imap_modules = /usr/lib/dovecot/imap


##
## Authentication processes
##

auth = default

auth_mechanisms = plain


# Default realm to use if none was specified.
#auth_default_realm = 

# Where user database is kept:
#   passwd: /etc/passwd or similiar, using getpwnam()
#   passwd-file <path>: passwd-like file with specified location
#   static uid=<uid> gid=<gid> home=<dir template>: static settings
#   vpopmail: vpopmail library
#   ldap <config path>: LDAP, see doc/dovecot-ldap.conf
#   pgsql <config path>: a PostgreSQL database, see doc/dovecot-pgsql.conf
auth_userdb = passwd-file /etc/passwd 

auth_passdb = passwd-file /etc/shadow 

# Set max. process size in megabytes.
#auth_process_size = 256

# User to use for the process. This user needs access to only user and
# password databases, nothing else. Only shadow and pam authentication
# requires roots, so use something else if possible.
auth_user = root

# Directory where to chroot the process. Most authentication backends don't
# work if this is set, and there's no point chrooting if auth_user is root.
#auth_chroot = 

# Number of authentication processes to create
auth_count = 1

# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

# Username to use for users logging in with ANONYMOUS SASL mechanism
#auth_anonymous_username = anonymous

# More verbose logging. Useful for figuring out why authentication isn't
# working.
auth_verbose = yes

# digest-md5 authentication process. It requires special MD5 passwords which
# /etc/shadow and PAM doesn't support, so we never need roots to handle it.
# Note that the passwd-file is opened before chrooting and dropping root
# privileges, so it may be 0600-root owned file.

#auth = plain 
#auth_methods = digest-md5
#auth_realms = 
#auth_userdb = passwd-file /etc/passwd.imap
#auth_passdb = passwd-file /etc/passwd.imap
#auth_user = imapauth
#auth_chroot = 

# if you plan to use only passwd-file, you don't need the two auth processes,
# simply set "auth_methods = plain digest-md5"


More information about the dovecot mailing list