Hi, I tried again with some other options.
After finding http://www.dovecot.org/list/dovecot/2013-November/093793.html I deleted every ACL from the directory Maildir and I also assigned the group "mail" to it, recursively:
OmniOS-Xeon:/tank/home/olaf/Maildir/.Generiche $ ls -lV
total 903
drwxrwxrwx 2 olaf mail 2 Sep 27 23:47 cur
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:rwxp--a-R-c--s:-------:allow
(and so on)
I also tried mail_full_filesystem_access = yes hoping that it would solve the issue, but nothing. Even with mail_debug = yes the log does not give any info besides
dovecot: [ID 583609 mail.error] imap(olaf): Error: unlink(/tank/home/olaf/Maildir/.Generiche/dovecot-uidlist.tmp) failed: Permission denied
(it shows also "rename" instead of "unlink")
With this additional info, does anyone have any idea about the cause of the problem?
My doveconf -n:
# 2.2.18: /etc/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc zfs
mail_debug = yes
mail_full_filesystem_access = yes
mail_location = maildir:/tank/home/%u/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap
ssl = required
ssl_cert = </etc/dovecot/certs/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
Any help will be appreciated.
Regards, Olaf Marzocchi
On 19/09/2015 19:22, Christian Kivalo wrote:
Hi,
On 2015-09-19 16:17, Olaf Marzocchi wrote:
Dear Dovecot users, hello. I will merge two issues I have into a single email because they may be related.
I have used dovecot on an OmniOS server since 2014 (currently OmniOS r151014) with the following configuration (it shows 2.2.18 because I recently updated dovecot, skipping only the PostgreSQL plugin):
# 2.2.18: /etc/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc zfs
mail_location = maildir:/tank/home/%u/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap
ssl = required
ssl_cert = </etc/dovecot/certs/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
You can see that I set the Maildir folder inside the shared home folders of my server (it is only one user, anyway). It always worked perfectly, but one-two months ago I changed the permissions of my whole home folder, recursively, to add proper ACLs. I needed them because the clients started using illumos kernel SMB (relying on ACLs) instead of Netatalk/AFP (relying on Unix perms only). I didn't realise I applied the ACLs also to the Maildir folder.
Dovecot worked fine for several weeks; I noticed the issue only yesterday when a mailbox (see below) appeared in Thunderbird completely empty even though the "cur" subfolder on the server still contains all the mails.
Dovecot was throwing some errors like:
dovecot: [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/.&A6k- Mailing Lists.Log/dovecot.index.cache) failed: Permission denied (euid=501(olaf) egid=501(olaf) UNIX perms appear ok (ACL/MAC wrong?))
dovecot: [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/.&A6k- Mailing Lists.Log/dovecot.index.tmp, /tank/home/olaf/Maildir/.&A6k- Mailing Lists.Log/dovecot.index) failed: Permission denied
dovecot: [ID 583609 mail.error] imap(olaf): Error: unlink(/tank/home/olaf/Maildir/subscriptions.lock) failed: Permission denied
dovecot: [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/subscriptions.lock, /tank/home/olaf/Maildir/subscriptions) failed: Permission denied
I will post here the current permissions of the folder containing Maildir, of the Maildir itself, of its contents, and of the folder that appears empty when browsed with a client (Thunderbird).
/tank/home/olaf $ ls -lV ..
drwx------+ 16 olaf olaf 17 Sep 19 01:52 olaf
    user:olaf:rwxpdDaARWcCos:fd-----:allow
    group:2147483648:rwxpdDaARWcCos:fd-----:allow
    everyone@:rwxpdDaARWcCos:fd-----:deny

/tank/home/olaf $ ls -lV
drwxrwx--- 348 olaf olaf 359 Sep 19 01:51 Maildir
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow

/tank/home/olaf $ ls -lV Maildir/
drwxrwx--- 2 olaf olaf 2 Jan 30 2014 cur
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
-rwxrwx--- 1 olaf olaf 21 Jan 30 2014 dovecot-keywords
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
(ALL THE SAME PERMISSIONS FOR THE OTHER FILES EXCEPT...)
-rwxrwx--- 1 olaf olaf 13735 Jan 24 2015 subscriptions
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
-rw-rw---- 1 olaf olaf 13709 Sep 19 01:51 subscriptions.lock
    owner@:rw-p--aARWcCos:-------:allow
    group@:rw-p--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
The folder that appears empty:
/tank/home/olaf $ ls -lV Maildir/.Generiche/
total 513
drwxrwx--- 2 olaf olaf 949 Sep 18 01:42 cur
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
-rwxrwx--- 1 olaf olaf 46 May 18 2014 dovecot-keywords
    owner@:rwxp--aARWcCos:-------:allow
    group@:rwxp--a-R-c--s:-------:allow
    everyone@:------a-R-c--s:-------:allow
(ALL THE SAME PERMISSIONS FOR THE OTHER FILES)
I really hope you will have the time to help me because I already applied the permissions recursively and I removed the ACLs, almost as it was before my mistake. I specified "almost" because originally (I checked the backups) the Maildir folder had an ACL that gave access permissions also to the group "mail":
drwxrwx---+349 olaf olaf 359 Feb 16 2014 Maildir
    group:mail:rwxpdDaARWcCos:fd-----:allow
    owner@:rwxpdDaARWcCos:fd----I:allow
    group@:rwxpdDaARWcCos:fd----I:allow
    everyone@:rwxpdDaARWcCos:fd----I:deny
Yesterday I didn't replicate it because from the documentation I understood it was not necessary.
From my view the permissions seem to be set correctly. I have to admit, it's been a while since I moved to virtual users so I may be wrong here...
The log output also seems to support that permissions are correct.
Have you tried adding the group:mail:.... ACLs back?
Have you set mail_debug=yes or other more verbose logging settings? http://wiki2.dovecot.org/Logging
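
An added example, not part of the thread: a small parser for the compact ACL entries that `ls -V` prints, used to diff the Maildir ACL from the backup listing against the current one. The function names are this example's own; it compares only what the entries state and does not model the kernel's access check.

```python
import re

# Fixed letter order of the compact NFSv4 ACL fields printed by `ls -V`.
PERMS = list(zip("rwxpdDaARWcCos", (
    "read_data write_data execute append_data delete delete_child "
    "read_attributes write_attributes read_xattr write_xattr read_acl "
    "write_acl write_owner synchronize").split()))
FLAGS = list(zip("fdinSFI", ("file_inherit dir_inherit inherit_only no_propagate "
                             "successful_access failed_access inherited").split()))
ACE_RE = re.compile(r"((?:owner|group|everyone)@|(?:user|group):[^:\s]+)"
                    r":([rwxpdDaARWcCos-]{14}):([fdinSFI-]{7}):(allow|deny)")

def decode(field, table):
    """Map a positional field such as 'rwxp--a-R-c--s' to a set of names."""
    names = set()
    for ch, (letter, name) in zip(field, table):
        if ch == letter:
            names.add(name)
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} in position of {letter!r}")
    return names

def parse_acl(text):
    """Return every ACE found in `ls -V` output, in listing order."""
    return [{"who": w, "perms": decode(p, PERMS), "flags": decode(f, FLAGS), "type": t}
            for w, p, f, t in ACE_RE.findall(text)]

def grants(aces):
    """Permissions named by allow ACEs that apply to the object itself, per principal."""
    out = {}
    for a in aces:
        if a["type"] == "allow" and "inherit_only" not in a["flags"]:
            out.setdefault(a["who"], set()).update(a["perms"])
    return out

def dropped(before, after):
    """Per principal: permissions allowed in `before` but no longer in `after`."""
    old, new = grants(before), grants(after)
    lost = {who: sorted(p - new.get(who, set())) for who, p in old.items()}
    return {who: names for who, names in lost.items() if names}

# Maildir ACLs copied from the `ls -lV` listings quoted in the thread.
BACKUP = ("group:mail:rwxpdDaARWcCos:fd-----:allow owner@:rwxpdDaARWcCos:fd----I:allow "
          "group@:rwxpdDaARWcCos:fd----I:allow everyone@:rwxpdDaARWcCos:fd----I:deny")
CURRENT = ("owner@:rwxp--aARWcCos:-------:allow group@:rwxp--a-R-c--s:-------:allow "
           "everyone@:------a-R-c--s:-------:allow")

if __name__ == "__main__":
    print(dropped(parse_acl(BACKUP), parse_acl(CURRENT)))
```

Run against these two listings, the diff reports `delete` and `delete_child` as no longer named for `owner@`, and the whole `group:mail` entry as gone.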