[Dovecot] chroot and raw logging
Michal Soltys
nozo at ziu.info
Wed Mar 28 13:34:02 EEST 2007
I'm not sure if it's even intended to work in this particular
case, but there's a problem when chroot is explicitly defined
and rawlogging is used. Rawlog respects the chroot point, without
being actually chrooted.

Consider the configuration below, with two cases (dovecot.rawlog
dir is of course created earlier, with appropriate uid/gid).
1)
dovecot.userdb:
test::10000:10000::/home/vmail/test.tld/test/./::userdb_mail=maildir:~/Maildir:
ktrace will show:
18206 rawlog CALL sigprocmask(0x3,0)
18206 rawlog RET sigprocmask -65793/0xfffefeff
18206 rawlog CALL lstat(0x81fbe028,0xcfbcc980)
18206 rawlog NAMI "/dovecot.rawlog"
18206 rawlog RET lstat -1 errno 2 No such file or directory
18206 rawlog CALL sigprocmask(0x1,0xffffffff)
2)
dovecot.userdb:
test::10000:10000::/home/vmail/test.tld/./test::userdb_mail=maildir:~/Maildir:
1116 rawlog CALL lstat(0x85768028,0xcfbc1d20)
1116 rawlog NAMI "test/dovecot.rawlog"
1116 rawlog RET lstat -1 errno 2 No such file or directory
1116 rawlog CALL sigprocmask(0x1,0xffffffff)
1116 rawlog RET sigprocmask 0
I also noticed something else (not rawlog related). If I do a silly
(blame my curiosity ;) thing like:
valid_chroot_dirs: /
and set chroot point as /./home/vmail/test.tld/test/ in passwd-file
Dovecot will try to stat home/vmail/test.tld/test/ (and fail w/o beginning /),
then chdir to /tmp, start pop3 or imap process, and recreate
home/vmail/test.tld/test under /tmp.
17027 dovecot CALL chdir(0x87a4b29c)
17027 dovecot NAMI "home/vmail/test.tld/test/"
17027 dovecot RET chdir -1 errno 2 No such file or directory
17027 dovecot CALL setitimer(0,0xcfbe7020,0xcfbe7010)
17027 dovecot RET setitimer 0
17027 dovecot CALL seteuid(0)
17027 dovecot RET seteuid 0
17027 dovecot CALL chdir(0x3c001b72)
17027 dovecot NAMI "/tmp"
17027 dovecot RET chdir 0
...
17027 dovecot CALL sigprocmask(0x3,0)
17027 dovecot RET sigprocmask -65793/0xfffefeff
17027 dovecot CALL execve(0x87a4bc38,0x87a4bc70,0x84fdb900)
17027 dovecot NAMI "/usr/local/libexec/dovecot/pop3"
...
17027 pop3 CALL mkdir(0x85f5a2b0,0x1ff)
17027 pop3 NAMI "home/vmail/test.tld/test//Maildir"
17027 pop3 RET mkdir -1 errno 2 No such file or directory
17027 pop3 CALL mkdir(0x85f5a2e0,0x1ff)
17027 pop3 NAMI "home/vmail/test.tld/test/"
17027 pop3 RET mkdir -1 errno 2 No such file or directory
17027 pop3 CALL mkdir(0x85f5a328,0x1ff)
17027 pop3 NAMI "home/vmail/test.tld/test"
17027 pop3 RET mkdir -1 errno 2 No such file or directory
17027 pop3 CALL mkdir(0x85f5a348,0x1ff)
...
and so on, then it creates all the home/vmail/... dirs

Configuration:
OpenBSD 3.9, i386, dovecot 1.0-rc28
dovecot.userdb:
test::10000:10000::/home/vmail/test.tld/test/./::userdb_mail=maildir:~/Maildir:
dovecot.passdb:
test:{PLAIN}test:
base_dir: /var/dovecot/
protocols: imap imaps pop3 pop3s
ssl_listen: *
ssl_ca_file: /etc/ssl/cert_bundle.pem
ssl_cert_file: /etc/ssl/ca_ppgk/certs/fetch_crt.pem
ssl_key_file: /etc/ssl/ca_ppgk/private/fetch_key.pem
verbose_ssl: yes
login_dir: /var/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_greeting: Dovecot IMAP server ready.
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
valid_chroot_dirs: /var/mail:/home/regular:/home/vmail
verbose_proctitle: yes
first_valid_uid: 1999
first_valid_gid: 10
mail_location: mbox:~/Mail:INBOX=/var/mail/%u
mail_debug: yes
fsync_disable: yes
lock_method: fcntl
maildir_copy_with_hardlinks: yes
mbox_read_locks: fcntl
mbox_write_locks: fcntl
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3): outlook-idle
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xu%08Xv
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  verbose: yes
  debug: yes
  passdb:
    driver: passwd-file
    args: /etc/dovecot.passdb
  passdb:
    driver: bsdauth
  userdb:
    driver: passwd-file
    args: /etc/dovecot.userdb
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
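
Added example, not part of the original post and not Dovecot's own code: a small audit of passwd-file userdb lines that splits the home field on the /./ marker used above, forces the in-chroot home to be absolute, and computes the path a helper that is not chrooted would need in order to reach dovecot.rawlog. The function names, the assumption that home is the sixth colon-separated field, and the third sample line (built from the /./home/... case described in the post) are constructed for illustration.

```python
import posixpath

MARKER = "/./"  # chroot/home separator, as in the userdb entries above (assumed)

# Constructed sample: the post's two userdb lines plus its "/./home/..." case.
SAMPLE = [
    "test::10000:10000::/home/vmail/test.tld/test/./::userdb_mail=maildir:~/Maildir:",
    "test::10000:10000::/home/vmail/test.tld/./test::userdb_mail=maildir:~/Maildir:",
    "test::10000:10000::/./home/vmail/test.tld/test/::userdb_mail=maildir:~/Maildir:",
]

def split_chroot_home(home_field):
    """Return (chroot, home_inside_chroot); chroot is None without a marker."""
    idx = home_field.find(MARKER)
    if idx == -1:
        return None, posixpath.normpath(home_field)
    chroot = posixpath.normpath(home_field[:idx] or "/")
    # Force a leading slash so the home is absolute once inside the chroot.
    rest = home_field[idx + len(MARKER):].lstrip("/")
    return chroot, posixpath.normpath("/" + rest)

def real_path(chroot, inside, name=""):
    """Path a process that is NOT chrooted must use to reach the same file."""
    return posixpath.normpath(posixpath.join(chroot or "/", inside.lstrip("/"), name))

def chroot_allowed(chroot, valid_dirs):
    """True if chroot equals, or lies below, one of the valid_chroot_dirs."""
    dirs = [posixpath.normpath(v) for v in valid_dirs]
    return any(chroot == d or chroot.startswith(d.rstrip("/") + "/") for d in dirs)

def audit_userdb(lines, valid_dirs):
    """Return (user, chroot, inside, rawlog_path, warnings) per userdb line."""
    results = []
    for line in lines:
        fields = line.strip().split(":")
        if line.startswith("#") or len(fields) < 6 or not fields[0]:
            continue
        chroot, inside = split_chroot_home(fields[5])  # 6th field = home
        warnings = []
        if chroot is not None and not chroot_allowed(chroot, valid_dirs):
            warnings.append("chroot outside valid_chroot_dirs")
        if chroot == "/":
            warnings.append("chroot is /, no confinement")
        rawlog = real_path(chroot, inside, "dovecot.rawlog")
        results.append((fields[0], chroot, inside, rawlog, warnings))
    return results

if __name__ == "__main__":
    print(*audit_userdb(SAMPLE, ["/var/mail", "/home/regular", "/home/vmail"]), sep="\n")
```

For the two userdb lines in the post, the computed rawlog path is /home/vmail/test.tld/test/dovecot.rawlog in both cases, which is what the lstat calls in the traces would have had to target from outside the chroot.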