[Dovecot] Dovecot unable to access the shadow file
I am installing Dovecot-2.1.13 on Slackware 13.37.0 for the first time to replace ipop3d and I have overcome all of the roadblocks as they have developed except this last one and I finally have to say “uncle”.
The error messages that are showing up in the dovecot.log are as follows.
Jan 24 12:27:27 tux2 dovecot: auth: Error: passwd-file /etc/shadow: open(/etc/shadow) failed: Permission denied (euid=202(dovecot) egid=202(dovecot) missing +r perm: /etc/shadow, we're not in group 43(shadow), dir owned by 0:0 mode=0755)
Jan 24 12:27:27 tux2 dovecot: auth: passwd-file(user,192.168.10.2,<pw3xHwzUSQDAqAoC>): no passwd file: /etc/shadow
Jan 24 12:27:29 tux2 dovecot: pop3-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.168.10.2]
Jan 24 12:27:29 tux2 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<user>, method=PLAIN, rip=192.168.10.2, lip=192.168.10.100, TLS: Disconnected, session=<pw3xHwzUSQDAqAoC>
Based on what I have read the only user that should access the shadow file is root. With that in mind I looked at all the configuration and .ext files and the only file I could find that would indicate that root should be checking the shadow file is 10-master.conf. In that file it said the default service auth-worker was root but since it was apparently not working I removed the hash mark and made it explicit. It still didn’t work.
As a last resort even though it was not good practice I tried adding user dovecot to the group shadow but that did not work either. It still says dovecot is not in the group shadow even though it is. Any suggestions?
-- View this message in context: http://dovecot.2317879.n4.nabble.com/Dovecot-unable-to-access-the-shadow-fil... Sent from the Dovecot mailing list archive at Nabble.com.
- kenwood temp583@dsh.twilightparadox.com 2013.01.24 19:07:
Jan 24 12:27:27 tux2 dovecot: auth: Error: passwd-file /etc/shadow: open(/etc/shadow) failed: Permission denied (euid=202(dovecot) egid=202(dovecot) missing +r perm: /etc/shadow, we're not in group 43(shadow), dir owned by 0:0 mode=0755)
Impossible to tell without actual 'dovecot -n' output. All the changes to '*.conf' may or may not apply to the actual configuration.
Regards Thomas
Impossible to tell without actual 'dovecot -n' output. All the changes to '*.conf' may or may not apply to the actual configuration.
My apologies. Here it is
# 2.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.26-smp i686 Slackware 14.0
auth_mechanisms = plain login
auth_verbose = yes
mail_debug = yes
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/shadow
  driver = passwd-file
}
ssl_cert =
On 24/01/13 19:07, kenwood wrote:
I am installing Dovecot-2.1.13 on Slackware 13.37.0 for the first time to replace ipop3d and I have overcome all of the roadblocks as they have developed except this last one and I finally have to say “uncle”.
The error messages that are showing up in the dovecot.log are as follows.
Jan 24 12:27:27 tux2 dovecot: auth: Error: passwd-file /etc/shadow: open(/etc/shadow) failed: Permission denied (euid=202(dovecot) egid=202(dovecot) missing +r perm: /etc/shadow, we're not in group 43(shadow), dir owned by 0:0 mode=0755)
Jan 24 12:27:27 tux2 dovecot: auth: passwd-file(user,192.168.10.2,<pw3xHwzUSQDAqAoC>): no passwd file: /etc/shadow
Jan 24 12:27:29 tux2 dovecot: pop3-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.168.10.2]
Jan 24 12:27:29 tux2 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<user>, method=PLAIN, rip=192.168.10.2, lip=192.168.10.100, TLS: Disconnected, session=<pw3xHwzUSQDAqAoC>
Based on what I have read the only user that should access the shadow file is root. With that in mind I looked at all the configuration and .ext files and the only file I could find that would indicate that root should be checking the shadow file is 10-master.conf. In that file it said the default service auth-worker was root but since it was apparently not working I removed the hash mark and made it explicit. It still didn’t work.
As a last resort even though it was not good practice I tried adding user dovecot to the group shadow but that did not work either. It still says dovecot is not in the group shadow even though it is. Any suggestions?
If your system is using pam, use it instead of accessing /etc/shadow directly.
If your system is using pam, use it instead of accessing /etc/shadow directly.
My system does not have PAM. Does the dovecot -n output reveal anything to account for why dovecot won't authenticate via the shadow file?
On 01/25/13 12:57 PM, kenwood wrote:
My system does not have PAM. Does the dovecot -n output reveal anything to account for why dovecot won't authenticate via the shadow file?
participants (4)
- Joseba Torre
- kenwood
- Oscar del Rio
- Thomas Leuxner
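An added example, not part of the original thread: it parses the "Permission denied" diagnostic quoted above to show which Dovecot service logged it and with which credentials, then replays the POSIX read check for those credentials. The function names are hypothetical, and the file is assumed to be owned by root with the logged group and mode 0640.

```python
import re

# Log line copied from the thread above.
LINE = ("Jan 24 12:27:27 tux2 dovecot: auth: Error: passwd-file /etc/shadow: "
        "open(/etc/shadow) failed: Permission denied (euid=202(dovecot) "
        "egid=202(dovecot) missing +r perm: /etc/shadow, we're not in group "
        "43(shadow), dir owned by 0:0 mode=0755)")

DIAG = re.compile(
    r"dovecot: (?P<service>[\w-]+): Error: .*?open\((?P<path>[^)]+)\) failed: "
    r"Permission denied \(euid=(?P<euid>\d+)\((?P<user>[^)]*)\) "
    r"egid=(?P<egid>\d+)\((?P<group>[^)]*)\) "
    r"missing \+(?P<perm>[rwx]) perm: [^,]+"
    r"(?:, we're not in group (?P<need_gid>\d+)\((?P<need_group>[^)]*)\))?")

def parse_eacces(line):
    """Return the credential fields of a Dovecot EACCES diagnostic, or None."""
    m = DIAG.search(line)
    if not m:
        return None
    d = m.groupdict()
    for k in ("euid", "egid", "need_gid"):
        d[k] = int(d[k]) if d[k] is not None else None
    return d

def may_read(uid, gid, groups, st_uid, st_gid, st_mode):
    """POSIX read check: exactly one class (owner, group, other) is consulted."""
    if uid == 0:
        return True          # root bypasses mode bits (CAP_DAC_OVERRIDE)
    if uid == st_uid:
        return bool(st_mode & 0o400)
    if gid == st_gid or st_gid in groups:
        return bool(st_mode & 0o040)
    return bool(st_mode & 0o004)

def explain(line, st_uid=0, st_mode=0o640):
    """Check the logged credentials against an assumed root:<group> 0640 file."""
    d = parse_eacces(line)
    as_logged = may_read(d["euid"], d["egid"], set(), st_uid, d["need_gid"], st_mode)
    with_group = may_read(d["euid"], d["egid"], {d["need_gid"]}, st_uid, d["need_gid"], st_mode)
    as_root = may_read(0, 0, set(), st_uid, d["need_gid"], st_mode)
    return d["service"], as_logged, with_group, as_root

if __name__ == "__main__":
    print(explain(LINE))
```

The parsed service name is `auth` with euid 202, so the failing open() was made by the auth process under the dovecot account, and the group check only passes when gid 43 is in that process's own group set.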