Further investigation shows that doveconf called
/usr/lib/dovecot/managesieve which in return calls doveconf again,
but with another uid (possible? I'm not sure) and a few extra arguments,
which causes a call to glob in
src/config/config-parser.c:settings_include to fail with GLOB_NOMATCH.
I'd be appreciate if anyone can provide information on suspicious
permission-relating operation that managesieve does before calling
doveconf.
I just can't find a way to post reply on previous mails, so I decided to post a new one. The original text follows.
On 2019/6/6 3:15, Ben Ma wrote:
I'm on dovecot 2.3.3 (dcead646b). Output of
dovecot -n:# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.3 (f018bbab) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches doveconf: Error: managesieve-login: dump-capability process returned 89 doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches
While line 98 of dovecot.conf is just "!include conf.d/*.conf".
Output of
doveconf -n:# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.3 (f018bbab) doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches doveconf: Error: managesieve-login: dump-capability process returned 89 # OS: Linux 4.12.14-lp151.28.4-default x86_64 # Hostname: XXX doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory namespace inbox { ............. (Removed for simplicity) } ssl = required ssl_cert =
It's strange that all the extra content (especially ssl conf) only occurs in conf.d/10-ssl.conf.
To dig on what's happening underneath I ran
strace doveconf -n 2>&1 |egrep "\.conf|conf\.d"and got:write(1, "# 2.3.3 (dcead646b): /etc/doveco"..., 47# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf openat(AT_FDCWD, "/etc/dovecot/dovecot.conf", O_RDONLY) = 7 wait4(-1, doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line 98: No matches open("/etc/dovecot/conf.d", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 8 openat(AT_FDCWD, "/etc/dovecot/conf.d/90-sieve.conf", O_RDONLY) = 8 ............. (Removed for simplicity) openat(AT_FDCWD, "/etc/dovecot/conf.d/10-ssl.conf", O_RDONLY) = 20 openat(AT_FDCWD, "/etc/dovecot/conf.d/10-auth.conf", O_RDONLY) = 25 stat("/etc/dovecot/conf.d/auth-system.conf.ext", {st_mode=S_IFREG|0644, st_size=2182, ...}) = 0 openat(AT_FDCWD, "/etc/dovecot/conf.d/auth-system.conf.ext", O_RDONLY) = 26 stat("/etc/dovecot/local.conf", 0x7ffd94664760) = -1 ENOENT (No such file or directory) stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=709, ...}) = 0 open("/etc/host.conf", O_RDONLY|O_CLOEXEC) = 7 read(7, "#\n# /etc/host.conf - resolver co"..., 4096) = 370 open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 7 read(7, "### /etc/resolv.conf is a symlin"..., 4096) = 709 readlink("/var/run/dovecot/dovecot.conf", 0x5555db302598, 128) = -1 ENOENT (No such file or directory) write(2, "doveconf: Error: t_readlink(/var"..., 112doveconf: Error: t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink() failed: No such file or directory
It seems that files in conf.d is never read before doveconf's complaint! I have totally no idea why this happens. Any help?