[Dovecot] Permission Denied - cannot create inbox
tlmoore@gmail.com writes:
Apr 7 07:44:51 fs1 dovecot: imap(tim): Error: chown(/home/tim/mail/.imap/INBOX, -1, 97(dovecot)) failed: Operation not permitted (egid=500(tim), group based on /var/mail/tim)
How do I give permissions to dovecot program to create these? I am trying not to chmod 777 every mailbox.
I was going to write about the same problem. This got me over the hump:
chmod 0600 /var/spool/mail/*
All my user's mailboxes used to be group=mail mode=0660. I think these settings were left over from Solaris' mail.local: I can't reproduce these permissions now, even for new mailboxes. Maybe it's because the spool directory is now mode=1777 (not g+s mail). Not too keen on these permissions either, but it seems to work.
Dovecot seems to transfer group permissions of the mailbox to its corresponding cache. If it can't set group ownership, you get the fatal error message above. If the original mailbox is mode 0600, dovecot is smart enough not to set group ownership.
I couldn't find this information: shouldn't it be documented here?
http://wiki2.dovecot.org/SharedMailboxes/Permissions
This situation could also happen if a user is revoked from a group's membership.
Would it be useful to make this a configurable behaviour whereby a chgrp() failure of cache files will fall back to chown'ing to user=owner, mode=0600 instead? Or just leave the user to scratch their head?
Joseph Tam <tam@math.ubc.ca>
That fixed it!! Thanks so much. Not sure why that isn't in the documentation.
Joseph Tam-2 wrote:
tlmoore@gmail.com writes:
Apr 7 07:44:51 fs1 dovecot: imap(tim): Error: chown(/home/tim/mail/.imap/INBOX, -1, 97(dovecot)) failed: Operation not permitted (egid=500(tim), group based on /var/mail/tim)
How do I give permissions to dovecot program to create these? I am trying not to chmod 777 every mailbox.
I was going to write about the same problem. This got me over the hump:
chmod 0600 /var/spool/mail/*
All my user's mailboxes used to be group=mail mode=0660. I think these settings were left over from Solaris' mail.local: I can't reproduce these permissions now, even for new mailboxes. Maybe it's because the spool directory is now mode=1777 (not g+s mail). Not too keen on these permissions either, but it seems to work.
Dovecot seems to transfer group permissions of the mailbox to its corresponding cache. If it can't set group ownership, you get the fatal error message above. If the original mailbox is mode 0600, dovecot is smart enough not to set group ownership.
I couldn't find this information: shouldn't it be documented here?
http://wiki2.dovecot.org/SharedMailboxes/Permissions
This situation could also happen if a user is revoked from a group's membership.
Would it be useful to make this a configurable behaviour whereby a chgrp() failure of cache files will fall back to chown'ing to user=owner, mode=0600 instead? Or just leave the user to scratch their head?
Joseph Tam <tam@math.ubc.ca>
-- View this message in context: http://old.nabble.com/Permission-Denied---cannot-create-inbox-tp31347448p313... Sent from the Dovecot mailing list archive at Nabble.com.
On Thu, 2011-04-07 at 16:43 -0700, Joseph Tam wrote:
Dovecot seems to transfer group permissions of the mailbox to its corresponding cache. If it can't set group ownership, you get the fatal error message above. If the original mailbox is mode 0600, dovecot is smart enough not to set group ownership.
I couldn't find this information: shouldn't it be documented here?
Well, I don't know if documenting it there would actually help many people. Users having this problem aren't trying to share mailboxes, so they probably wouldn't be looking into that page. This is anyway mbox-specific problem, so I added it now to mbox page: http://wiki2.dovecot.org/MailLocation/mbox
Would it be useful to make this a configurable behaviour whereby a chgrp() failure of cache files will fall back to chown'ing to user=owner, mode=0600 instead? Or just leave the user to scratch their head?
I think it's safer to let user to scratch their head than to automatically go change permissions in a way that might make things worse.
I guess what I could do is add a wiki link to that error message explaining it. How about this now:
imap(tss): Error: fchown(/home/tss/mail/.imap/INBOX/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(tss), group based on /var/mail/tss - see http://wiki2.dovecot.org/Errors/NoPerm)
On Fri, 2011-04-08 at 16:04 +0300, Timo Sirainen wrote:
imap(tss): Error: fchown(/home/tss/mail/.imap/INBOX/dovecot.index.log.newlock, group=8(mail)) failed: Operation not permitted (egid=1000(tss), group based on /var/mail/tss - see http://wiki2.dovecot.org/Errors/NoPerm)
Changed the wiki link: http://wiki2.dovecot.org/Errors/ChgrpNoPerm
participants (3)
-
Joseph Tam
-
Timo Sirainen
-
tl511