[Dovecot] problems with dotlock

Mark Hedges hedges at scriptdolphin.org
Sat Feb 28 00:28:36 EET 2009 


On Fri, 27 Feb 2009, Timo Sirainen wrote:
> OK, so core dumps are enabled, but for some reason they
> don't get written. There are really only two possibilities
> then:
>
> a) You don't really have mail_drop_priv_before_exec=yes.
> You could verify this with dovecot -n.

[root at anubis etc]# /usr/local/sbin/dovecot -n | grep drop
mail_drop_priv_before_exec: yes

> b) Kernel doesn't want to write the core to /tmp/core or
> before changing that it didn't want to write it to user's
> home directory.

[root at anubis etc]# grep -i core
/boot/config-2.6.18-92.1.22.el5
CONFIG_ELF_CORE=y
# Core Netfilter Configuration
CONFIG_MLX4_CORE=m
CONFIG_SERIAL_CORE=y
CONFIG_SERIAL_CORE_CONSOLE=y
# CONFIG_I2C_OCORES is not set
# CONFIG_I2C_DEBUG_CORE is not set
CONFIG_PROC_KCORE=y
CONFIG_PROC_VMCORE=y

Is that informative?  I would not be surprised if the kernel
is buggy.  It also indefinitely holds onto network
connections in CLOSE_WAIT state, never times them out, and
after some list research it seems there's no option to
control that, could be wrong, but I gave up.

> Your version of the patch looked ok, but why didn't the
> warning get written to the log? If you didn't somehow
> forget make install or something similar, the only reason
> is then if mbox->mbox_privileged_locking=TRUE. But the
> later code says that it's FALSE.
>
> Try adding one more thing before the return line:
>
> i_warning("privileged=%d", mbox->mbox_privileged_locking);

I added that in mbox-storage.c.  Looks like it didn't get
that far.  Yes, I did `make` and `make install` again, and
watched it recompile mbox-storage.c.  Just to verify, I did
`make clean` and `./configure; make; make install` again.
Nothing different.

Feb 27 14:13:16 anubis dovecot: auth(default): client in: AUTH  1   PLAIN   service=pop3    secured lip=127.0.0.1   rip=127.0.0.1   lport=110   rport=37310 resp=<hidden>
Feb 27 14:13:16 anubis dovecot: auth(default): client out: OK   1   user=despam_test_anubis
Feb 27 14:13:16 anubis dovecot: auth-worker(default): pam(despam_test_anubis,127.0.0.1): lookup service=dovecot
Feb 27 14:13:16 anubis dovecot: auth-worker(default): pam(despam_test_anubis,127.0.0.1): #1/1 style=1 msg=Password:
Feb 27 14:13:16 anubis dovecot: auth(default): master in: REQUEST   1   18328   1
Feb 27 14:13:16 anubis dovecot: auth(default): passwd(despam_test_anubis,127.0.0.1): lookup
Feb 27 14:13:16 anubis dovecot: auth(default): master out: USER 1   despam_test_anubis  system_user=despam_test_anubis  uid=511 gid=100 home=/home/anubis/despam_test_anubis
Feb 27 14:13:16 anubis dovecot: child 18346 (pop3) killed with signal 11
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): Effective uid=511, gid=100
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): mbox: data=~/mail:INBOX=/var/spool/mail/despam_test_anubis
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): fs: root=/home/anubis/despam_test_anubis/mail, index=, control=, inbox=/var/spool/mail/despam_test_anubis
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): file_dotlock_create(/var/spool/mail/despam_test_anubis) failed: Permission denied (euid=511(despam_test_anubis) egid=100(users) missing +w perm: /var/spool/mail) (under root dir /home/anubis/despam_test_anubis/mail -> no privileged locking)
Feb 27 14:13:16 anubis dovecot: pop3-login: Login: user=<despam_test_anubis>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
Feb 27 14:13:17 anubis dovecot: auth(default): new auth connection: pid=18347

> Also are you using any plugins? Paste your dovecot -n output?

I only compiled fresh 1.1.11 source and left it in
/usr/local/.  The yum/rpm version is under /usr and it is
not running when I do these tests.

A look at lsof shows it's using the right libs for dovecot
stuff... hrmm but /lib/libselinux.so.1 is linked, I wonder
if that is the problem behind core dumps and these
permissions.  Hrmm, I set the boot flag selinux=0 and
rebooted, but I still get the same errors and see
/lib/libselinux.so.1 in lsof.  How do I tell if I've turned
selinux off?

[root at anubis etc]# /usr/local/sbin/dovecot -n
# 1.1.11: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.18-92.1.22.el5 i686 CentOS release 5.2 (Final)
syslog_facility: local0
protocols: pop3 imap
ssl_ca_file: /etc/mail/certs/ca.crt
ssl_cert_file: /etc/mail/certs/thishost.crt
ssl_key_file: /etc/mail/certs/thishost.key
login_dir: /usr/local/var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
mail_privileged_group: mail
mail_uid: 8
mail_gid: 12
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
mail_debug: yes
lock_method: dotlock
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
auth default:
  debug: yes
  passdb:
    driver: pam
  userdb:
    driver: passwd

More information about the dovecot mailing list