Permission denied UNIX perms appear ok (ACL/MAC wrong?))

Austin Witmer austin96 at emypeople.net
Wed Aug 31 01:34:51 UTC 2022


See below . . .

> On Aug 30, 2022, at 1:41 PM, spi <spi at nurfuerspam.de> wrote:
> 
> 
> 
> On 30.08.22 at 20:43, Austin Witmer wrote:
>> I’m still getting the errors I mentioned previously. Maybe half a dozen of them per day . . .
>> 
>> So, the location of my mail storage (/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem mounted by gocryptfs. Do you think gocryptfs could be at fault here?
>> 
>> Austin Witmer
>> 
> 
> Before and after mounting: What are the mount folder's user/group permissions? Who owns the mount folder (user/group)?
> 
> 

The owner is austin and group is austin before and after mounting the folder. I would need to verify that the owner is still the same before the folder is mounted sometime while my server is offline.
> If you do a "stat /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log" as the user dovecot is running as (from your mail I see austin owns that file - is dovecot run as user austin?) - do you also get an error?
> 
I would think that dovecot is running as user austin, but I’m not sure how to verify that?
> If you do get an error - could you create a small encrypted fs and mount it to another folder, create a file there and check again for "stat file"? Play with the permissions and user/group assignments. Still getting an error?
> 
> --
> Cheers
> spi

So here is one of the last log lines from my mail.err file.

Aug 30 23:09:11 mail dovecot: lmtp(user at domain.com)<179137><WgoPM5eYDmPBuwIAZU03Dg>: Error: open(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist.lock) failed: Operation not permitted
Aug 30 23:09:11 mail dovecot: lmtp(user at domain.com)<179137><WgoPM5eYDmPBuwIAZU03Dg>: Error: lmtp-server: conn unix:pid=179136,uid=112 [1]: rcpt user at domain.com: Mailbox INBOX: file_dotlock_create(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist) failed: Operation not permitted
Aug 30 23:09:11 mail dovecot: lmtp(user at domain.com)<179137><WgoPM5eYDmPBuwIAZU03Dg>: Error: sieve: msgid=<d37ab115ceaf45b3b3ff87b90b4fb3ca at Exchange.ssmail.org>: failed to store into mailbox 'INBOX': Mailbox INBOX: file_dotlock_create(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist) failed: Operation not permitted
Aug 30 23:09:11 mail dovecot: lmtp(user at domain.com)<179137><WgoPM5eYDmPBuwIAZU03Dg>: Error: sieve: Execution of script /var/lib/dovecot/sieve/default.sieve was aborted due to temporary failure


Here is the stat command on one of the files that dovecot seems to not be able to access.

austin at mail:/mnt/volume1/mailserver$ stat /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist
  File: /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist
  Size: 60565     	Blocks: 120        IO Block: 4096   regular file
Device: 2bh/43d	Inode: 146325      Links: 1
Access: (0660/-rw-rw----)  Uid: ( 1000/  austin)   Gid: ( 1000/  austin)
Access: 2022-08-30 23:19:24.701469295 +0000
Modify: 2022-08-30 23:16:34.155318207 +0000
Change: 2022-08-30 23:16:34.163318308 +0000
 Birth: -

Is the problem that the x perm is missing from both the user and group for this file? I have tried different times to recursively apply wrx permissions to all the folders and files but it seems like dovecot must create files that it later cannot access. Or maybe I am not understanding this correctly?

Why am I getting these errors only about 1% of the time and the rest of the time it works fine? This seems to be randomly happening to various users on my server.

Thanks again to all of you for your help!

Austin Witmer
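
An added example, not part of the original message and not Dovecot's own code: a check of the classic owner/group/other mode bits on each path component for a given uid and gid set, which is the "UNIX perms" part of the subject line. The function names, the `base` parameter and the uid/gid values passed on the command line are assumptions for illustration; ACLs, MAC policy and the filesystem layer are deliberately not evaluated.

```python
import os

def mode_allows(st, uid, gids, want):
    """Classic UNIX check: select the owner, group or other triplet, test `want`."""
    if uid == 0:
        return True  # simplification: root bypasses the rw mode bits
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    bits = {"r": 4, "w": 2, "x": 1}
    need = sum(bits[c] for c in want)
    return ((st.st_mode >> shift) & need) == need

def first_denial(path, uid, gids, want="rw", base="/"):
    """Return (component, needed_bits) for the first mode-bit denial, else None.

    Directories below `base` on the way to `path` need only 'x' (search);
    the final component needs `want`. The execute bit on a regular file is
    not needed to read or write it. To model creating a lock file, call this
    on the parent directory with want="wx".
    """
    parts = os.path.relpath(path, base).split(os.sep)
    current = base
    for i, part in enumerate(parts):
        current = os.path.join(current, part)
        need = want if i == len(parts) - 1 else "x"
        if not mode_allows(os.stat(current), uid, gids, need):
            return (current, need)
    return None

if __name__ == "__main__":
    import sys
    # Usage (hypothetical values): python3 permwalk.py PATH UID GID
    target, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    parent = os.path.dirname(os.path.abspath(target))
    print("open rw :", first_denial(target, uid, {gid}) or "mode bits ok")
    print("new lock:", first_denial(parent, uid, {gid}, "wx") or "mode bits ok")
```

If both lines report that the mode bits are ok for the uid the delivery process runs as, the denial comes from something this walk does not model.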