[Dovecot] Why dovecot does not want to read my acl file?

Lukas Haase lukashaase at gmx.at
Wed Dec 16 04:53:06 EET 2009 

Hi Timo,

Thank zou for your reply!

Timo Sirainen schrieb:
> On Wed, 2009-12-16 at 00:24 +0900, Lukas Haase wrote:
>> mail_drop_priv_before_exec = no  #just to make sure
> 
> "no" means it starts the process as root as root. I guess you meant to
> use "yes".

I know but I tried both in order to see if it is maybe because of this 
entry.

Anyway, the ACL could not be read in either way...

> [...]
>> ACL_GROUPS=`groups $USER | tr ' '  ','`
>> export ACL_GROUPS
> 
> I don't think ACL_GROUPS is supported by Dovecot v1.0.

:( :(

But nevertheless, let us just forget about the ACL_GROUPS, I would be 
interested why the ACL file could not be read.

Further things I forgot:

* In the homedirs the scenario is the same. The one user that has access
   to the files is the user peter itself and there I got no errors about
   reading the ACL files
* Reading succeeds when I set the directory (.Office) to 755
* For testing I wrote
   authenticated lrwstiek
   into the dovecot-acl which means that the problem can not depend on
   the ACL itself.

I just do not understand. The process runs as user peter and complains 
that it is unable to open the ACL file. But the file is definitively 
readable for user peter, as I checked with su. Also the error is gone 
when I set the directory to 755 ... that sounds really strange for me...

>> By the way: As soon as I change the mail_executable to 
>> /usr/local/sbin/dovecot-imap-fix.sh I get this message and have 
>> absolutely no clue why:
>>
>> # /etc/init.d/dovecot restart
>> Restarting IMAP/POP3 mail server: dovecotid: dump-capability: No such user
>> .
>> #
>>
>> Which dump-capability? Which user?
> 
> It's because at startup Dovecot executes imap mail_executable as
> "dump-capability" user to find out what IMAP capabilities enabled
> plugins add. In your script you should probably check that if
> $USER=dump-capability, don't do anything special.

Hmm, I do not fully understand. You can see my whole script in the OP 
... there is not done anything special, isnt it?

Best regards,
Luke

More information about the dovecot mailing list