On Fri, 27 Feb 2009, Timo Sirainen wrote:
OK, so core dumps are enabled, but for some reason they don't get written. There are really only two possibilities then:
a) You don't really have mail_drop_priv_before_exec=yes. You could verify this with dovecot -n.
[root@anubis etc]# /usr/local/sbin/dovecot -n | grep drop mail_drop_priv_before_exec: yes
b) Kernel doesn't want to write the core to /tmp/core or before changing that it didn't want to write it to user's home directory.
[root@anubis etc]# grep -i core /boot/config-2.6.18-92.1.22.el5 CONFIG_ELF_CORE=y # Core Netfilter Configuration CONFIG_MLX4_CORE=m CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_I2C_OCORES is not set # CONFIG_I2C_DEBUG_CORE is not set CONFIG_PROC_KCORE=y CONFIG_PROC_VMCORE=y
Is that informative? I would not be surprised if the kernel is buggy. It also indefinitely holds onto network connections in CLOSE_WAIT state, never times them out, and after some list research it seems there's no option to control that, could be wrong, but I gave up.
Your version of the patch looked ok, but why didn't the warning get written to the log? If you didn't somehow forget make install or something similar, the only reason is then if mbox->mbox_privileged_locking=TRUE. But the later code says that it's FALSE.
Try adding one more thing before the return line:
i_warning("privileged=%d", mbox->mbox_privileged_locking);
I added that in mbox-storage.c. Looks like it didn't get
that far. Yes, I did make and make install again, and
watched it recompile mbox-storage.c. Just to verify, I did
make clean and ./configure; make; make install again.
Nothing different.
Feb 27 14:13:16 anubis dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=37310 resp=<hidden>
Feb 27 14:13:16 anubis dovecot: auth(default): client out: OK 1 user=despam_test_anubis
Feb 27 14:13:16 anubis dovecot: auth-worker(default): pam(despam_test_anubis,127.0.0.1): lookup service=dovecot
Feb 27 14:13:16 anubis dovecot: auth-worker(default): pam(despam_test_anubis,127.0.0.1): #1/1 style=1 msg=Password:
Feb 27 14:13:16 anubis dovecot: auth(default): master in: REQUEST 1 18328 1
Feb 27 14:13:16 anubis dovecot: auth(default): passwd(despam_test_anubis,127.0.0.1): lookup
Feb 27 14:13:16 anubis dovecot: auth(default): master out: USER 1 despam_test_anubis system_user=despam_test_anubis uid=511 gid=100 home=/home/anubis/despam_test_anubis
Feb 27 14:13:16 anubis dovecot: child 18346 (pop3) killed with signal 11
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): Effective uid=511, gid=100
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): mbox: data=~/mail:INBOX=/var/spool/mail/despam_test_anubis
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): fs: root=/home/anubis/despam_test_anubis/mail, index=, control=, inbox=/var/spool/mail/despam_test_anubis
Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): file_dotlock_create(/var/spool/mail/despam_test_anubis) failed: Permission denied (euid=511(despam_test_anubis) egid=100(users) missing +w perm: /var/spool/mail) (under root dir /home/anubis/despam_test_anubis/mail -> no privileged locking)
Feb 27 14:13:16 anubis dovecot: pop3-login: Login: user=
Also are you using any plugins? Paste your dovecot -n output?
I only compiled fresh 1.1.11 source and left it in /usr/local/. The yum/rpm version is under /usr and it is not running when I do these tests.
A look at lsof shows it's using the right libs for dovecot stuff... hrmm but /lib/libselinux.so.1 is linked, I wonder if that is the problem behind core dumps and these permissions. Hrmm, I set the boot flag selinux=0 and rebooted, but I still get the same errors and see /lib/libselinux.so.1 in lsof. How do I tell if I've turned selinux off?
[root@anubis etc]# /usr/local/sbin/dovecot -n # 1.1.11: /usr/local/etc/dovecot.conf # OS: Linux 2.6.18-92.1.22.el5 i686 CentOS release 5.2 (Final) syslog_facility: local0 protocols: pop3 imap ssl_ca_file: /etc/mail/certs/ca.crt ssl_cert_file: /etc/mail/certs/thishost.crt ssl_key_file: /etc/mail/certs/thishost.key login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login mail_privileged_group: mail mail_uid: 8 mail_gid: 12 mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u mail_debug: yes lock_method: dotlock mail_drop_priv_before_exec: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_lock_session(default): no pop3_lock_session(imap): no pop3_lock_session(pop3): yes auth default: debug: yes passdb: driver: pam userdb: driver: passwd