[Dovecot] Fatal: chdir( ) failed: Permission denied

Vallo Kallaste kalts at estpak.ee
Fri Oct 9 19:12:38 EEST 2009 

On Fri, Oct 09, 2009 at 11:26:19AM -0400, Timo Sirainen <tss at iki.fi>
wrote:

> On Oct 9, 2009, at 11:14 AM, Vallo Kallaste wrote:
> 
> >The reason seems to be that user primary group is "devel" and
> >directory /a/home has ACL which gives execute permission only to the
> >users in "domain users" group. Now the catch is that the user _is_
> >member of "domain users" group and is happily accessing his home
> >directory over CIFS(Samba) for long time.
> 
> What does Dovecot log with auth_debug=yes?
> 
Oct  9 18:53:49 jura dovecot: auth(default): client in: AUTH   1       PLAIN   service=imap    secured lip=192.168
.10.3        rip=192.168.25.1        lport=143       rport=3659
Oct  9 18:53:49 jura dovecot: auth(default): client out: CONT  1
Oct  9 18:53:49 jura dovecot: auth(default): client in: CONT<hidden>
Oct  9 18:53:49 jura dovecot: auth-worker(default): pam(ftest,192.168.25.1): lookup service=dovecot
Oct  9 18:53:49 jura dovecot: auth-worker(default): pam(ftest,192.168.25.1): #1/1 style=1 msg=Password:
Oct  9 18:53:49 jura dovecot: auth(default): client out: OK    1       user=ftest
Oct  9 18:53:49 jura dovecot: auth(default): master in: REQUEST        36      26941   1
Oct  9 18:53:49 jura dovecot: auth(default): passwd(ftest,192.168.25.1): lookup
Oct  9 18:53:49 jura dovecot: auth(default): master out: USER  36      ftest   system_groups_user=ftest        uid
=11745       gid=11332       home=/a/home/ftest
Oct  9 18:53:49 jura dovecot: imap-login: Login: user=<ftest>, method=PLAIN, rip=192.168.25.1, lip=192.168.10.3, T
LS
Oct  9 18:53:49 jura dovecot: dovecot: Fatal: chdir(/a/home/ftest) failed: Permission denied (euid=117
45(ftest) egid=11332(devel) missing +x perm: /a/home)
Oct  9 18:53:49 jura dovecot: dovecot: child 26943 (imap) returned error 89 (Fatal failure)

Uid/gid are right, gid=11332 is group "devel". The user has several
supplementary groups which are something like this (mangled):

jura:~ # id ftest
uid=11745(ftest) gid=11332(devel) groups=11332(devel),11812(xxx),11813(xxx_test),10513(domain users),11472(xxxmonitor),11409(monitor),11354(offline_xxx_mon),11323(it),11456(YYY),11237(ZZZZ)
-- 
Vallo

More information about the dovecot mailing list