-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Fri, 14 Nov 2014, Chris Szilagyi wrote:
- have read dovecot logs, if there are errors, and
Quite a while after testing and posting this, these errors started showing up in /var/log/maillog ... I'm currently investigating. This may be part of the issue.
dovecot: imap(username): Error: quotactl(Q_GETQUOTA, /dev/sdb1) failed: Permission denied
This is the reason, you do not get any "current" information about the quota
Do you have SELinux in action? Run "sestatus" and "grep -i AVC /var/log/audit/audit.log" to identify SELinux caused denials,
Yes, I do use SELinux. I have tried setting "setenforce 0" however just as you mentioned these show up in the audit.log which I just found as well:
type=AVC msg=audit(1415935621.946:8005): avc: denied { quotaget } for pid=27701 comm="imap" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
I ended up following instructions in a SELinux FAQ to allow dovecot to use quotaget. Seems that Dovecot is still not reporting any quota usage though:
Quota name Type Value Limit % User quota STORAGE 0 - 0
I also did a check by running "quota username" and it shows the hard/soft values set correctly.
These are the steps I went through to correct the SELinux issue:
audit2allow -m local -l -i /var/log/audit/audit.log > dovecotquotaget.te
Edit and take out other lines in this file not pertaining to the quotaget issue.
checkmodule -M -m -o dovecotquotaget.mod dovecotquotaget.te semodule_package -o dovecotquotaget.pp -m dovecotquotaget.mod semodule -i dovecotquotaget.pp
I noticed this before but it doesn't seem that it queries quota usage every time the user connects via IMAP. I know this because I wasn't always getting the "Permission denied" errors until a while after I enabled quotas.
If you have any further ideas please let me know. Thank you very much once again.
-- Chris