[Dovecot] symbolic links to root node
Hello, I have a question about the way Dovecot limits file system access. Currently we're using Dovecot 1.0.5 (Solaris 10).
In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like
Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long
We know the reason (the links are create by Wine) but unfortunately we cannot get rid of them.
Is there something I can do (these links should be ignored) ? Or is it a bug ?
Greetings. Martin
Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum 00-006, 79110 Freiburg, Germany
phone: ++49 761 203-8250 preen@informatik.uni-freiburg.de fax: ++49 761 203-8242 www.informatik.uni-freiburg.de
On Fri, 2008-01-25 at 14:48 +0100, Martin Preen wrote:
Hello, I have a question about the way Dovecot limits file system access. Currently we're using Dovecot 1.0.5 (Solaris 10).
In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like
Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long
So you're exposing the entire home directory to Dovecot? Everything would go a lot more nicely (and faster) if Dovecot would have access only to actual mailboxes. Can't you just force everyone to use e.g. ~/mail/ directory (mail_location = mbox:~/mail)?
Is there something I can do (these links should be ignored) ? Or is it a bug ?
I don't think Dovecot should ignore those kind of errors, because if it happens on a normal mail directory, it's most likely a problem sysadmin should know about and fix. But in this kind of a mixed system.. well, modifying sources would be the only solution.
Timo Sirainen wrote:
On Fri, 2008-01-25 at 14:48 +0100, Martin Preen wrote:
Hello, I have a question about the way Dovecot limits file system access. Currently we're using Dovecot 1.0.5 (Solaris 10).
In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like
Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long
So you're exposing the entire home directory to Dovecot? Everything would go a lot more nicely (and faster) if Dovecot would have access only to actual mailboxes. Can't you just force everyone to use e.g. ~/mail/ directory (mail_location = mbox:~/mail)?
It is on my long term ToDo list (I would prefer that). But actually it is very difficult to realize that in our environment.
Currently we're saying that one should configure an IMAP server directory (but most users don't want to read the documentation).
Is there something I can do (these links should be ignored) ? Or is it a bug ?
I don't think Dovecot should ignore those kind of errors, because if it happens on a normal mail directory, it's most likely a problem sysadmin should know about and fix. But in this kind of a mixed system.. well, modifying sources would be the only solution.
Ok.
Martin
Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum 00-006, 79110 Freiburg, Germany
phone: ++49 761 203-8250 preen@informatik.uni-freiburg.de fax: ++49 761 203-8242 www.informatik.uni-freiburg.de
In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like
stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long
Like you, our users store mail in their home directories* and sometimes they make symlinks to strange places like -> /usr.
I patched dovecot to simply ignore symlinks; maybe you can, too.
diff -c -r dovecot-1.0.0-pristine/src/lib-storage/index/mbox/mbox-list.c dovecot-1.0.0/src/lib-storage/index/mbox/mbox-list.c *** dovecot-1.0.0-pristine/src/lib-storage/index/mbox/mbox-list.c Mon Feb 5 05:57:32 2007 --- dovecot-1.0.0/src/lib-storage/index/mbox/mbox-list.c Thu Apr 26 09:56:22 2007
*** 69,74 **** --- 69,85 ---- static int list_opendir(struct mail_storage *storage, const char *path, bool root, DIR **dirp) {
- /* ACS local modification */
struct stat st;if (lstat(*path == '\0' ? "/" : path, &st) < 0) {mail_storage_set_error(storage, "lstat failed!");return -1;}if (st.st_mode & S_IFLNK) {return 0; /*ignore*/}- /* end ACS local modification */
*dirp = opendir(*path == '\0' ? "/" : path); if (*dirp != NULL) return 1;
-- Adam
- although we're finally starting to convert our 30k users over to dedicated maildirs+NFS. I'll share my experiences with the list once we're done (early March I hope).
-- Adam Tilghman | Systems Support / Academic Computing | +1 858 822 0711 agt@ucsd.edu | University of California, San Diego | fax +1 858 534 7018
participants (3)
-
Adam Tilghman
-
Martin Preen
-
Timo Sirainen