Hi,
On 31 Jul 2008 at 17:16, Tom Diehl wrote:
Date sent: Thu, 31 Jul 2008 17:16:24 -0400 (EDT) From: Tom Diehl tdiehl@rogueind.com Subject: Re: [Dovecot] Permission denied creating inbox file in /var/mail To: Steve Ochani Steve.Ochani@ncc.edu Copies to: dovecot@dovecot.org Send reply to: Dovecot Mailing List dovecot@dovecot.org
On Thu, 31 Jul 2008, Steve Ochani wrote:
Hello all,
I'm using dovecot version 1.07 on CentoOS 5 (clone of RHEL 5).
When there is no existing mbox file for a user in /var/mail I get the following error:
Jul 31 16:32:32 newnewton dovecot: imap-login: Login: user=<testm2>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): open(/var/mail/testm2, O_CREAT) failed: Permission denied Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): access() failed with mbox file /var/mail/testm2: No such file or directory Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): stat() failed with mbox file /var/mail/testm2: No such file or directory Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): Connection closed
My persimmons on /var/mail (which is a symlink to /var/spool/mail) :
drwxrwxr-x 2 root mail 4096 Jul 31 16:32 mail
I have tried adding the mail group as mail_privileged_group, the output of dovecot -n :
# 1.0.7: /etc/dovecot.conf login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_privileged_group: mail mail_location: mbox:~/IMAPmail:INBOX=/var/mail/%u mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 auth default: passdb: driver: pam userdb: driver: passwd
Here is the permission on /etc/dovecot.conf
-rw-r--r-- 1 root root 42833 Jul 31 15:30 /etc/dovecot.conf
I've searched google and the mailing list archive and tried the couple of things commonly suggested.
As for a test I changed perms on /var/spool/mail to 777 and then dovecot made the inbox file. The file ended up being owned by the user and the group owner was the group that the user belongs to, not mail.
When I create new users using useradd there is a 0 byte file created in /var/mail for the user but I use scripts to create student accounts every semester (about 10,000) so I'm trying to avoid having to add more things that the script will have to create.
Any help is greatly appreciated.
I am not sure if this is the right answer or not but how about "chmod 1777 /var/spool/mail"? I do this so that procmail can write to the mail spool.
Setting the sticky bit works but I'm not sure if I will use this solution because it creates a bit of security problem.
Any user can start writing files in the dir now.
user1 can create a file as user2 and put fake mail in it. I tested this and it works, I was also unable to delete the mail since the file is owned by user1. The file got fixed by sendmail when I sent mail to user2.
Thanks for you help.
I think dovecot should use the mail_privileged_group group to also be able to create files, this was mentioned a couple of times before in other posts.
-Steve O.