Re: [Dovecot] pop3 gives a permission denied error on chdir
On Wednesday 20 May 2009 01:20:37 you wrote:
On Tue, 2009-05-19 at 13:35 +0530, Kenneth Gonsalves wrote:
May 19 09:16:10 greenchilly dovecot: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied
..
I have looked at the archives and see that the problem has been reported before, but cannot find any solution. Dovecot as LDA has no problem accessing and writing mails to the directory as UID 5000. I suspect that it is trying to access some other directory and the error message is misleading. The directory /home/vmail/example.com/john is owned by user vmail with UID 5000. Any clues?
And all the directories before that are also available for that user?
yes
Are you using NFS? Are you using SELinux or something?
no
Anyway that chdir() syscall really failed with that error message. The reason for that is less clear then.. v1.1+ would give a much nicer error message here telling exactly what is wrong..
I have installed version 1.1.13, here is the mail log:
May 20 10:33:54 greenchilly dovecot: auth(default): new auth connection: pid=1181
May 20 10:34:07 greenchilly dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=pop3^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Ilport=110^Irport=42418^Iresp=<hidden>
May 20 10:34:07 greenchilly dovecot: auth-worker(default): pam(john@example.com,127.0.0.1): lookup service=dovecot
May 20 10:34:07 greenchilly dovecot: auth-worker(default): pam(john@example.com,127.0.0.1): #1/1 style=1 msg=Password:
May 20 10:34:10 greenchilly dovecot: auth-worker(default): pam(john@example.com,127.0.0.1): unknown user
May 20 10:34:10 greenchilly dovecot: auth(default): sql(john@example.com,127.0.0.1): query: SELECT email as user, passwd as password FROM view_users WHERE email='john@example.com';
May 20 10:34:10 greenchilly dovecot: auth(default): client out: OK^I1^Iuser=john@example.com
May 20 10:34:10 greenchilly dovecot: auth(default): master in: REQUEST^I3^I1166^I1
May 20 10:34:10 greenchilly dovecot: auth(default): passwd(john@example.com,127.0.0.1): lookup
May 20 10:34:10 greenchilly dovecot: auth(default): passwd(john@example.com,127.0.0.1): unknown user
May 20 10:34:10 greenchilly dovecot: auth(default): master out: USER^I3^Ijohn@example.com^Iuid=5000^Igid=5000^Ihome=/home/vmail/example.com/john
May 20 10:34:10 greenchilly dovecot: Fatal: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied
May 20 10:34:10 greenchilly dovecot: child 1182 (pop3) returned error 89 (Fatal failure)
May 20 10:34:10 greenchilly dovecot: pop3-login: Login: user=john@example.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
and here is the session info:
lawgon@greenchilly:~$ telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
user john@example.com
+OK
pass summersun
+OK Logged in.
Connection closed by foreign host.
-- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Wednesday 20 May 2009 16:58:22 Kenneth Gonsalves wrote:
no
Anyway that chdir() syscall really failed with that error message. The reason for that is less clear then.. v1.1+ would give a much nicer error message here telling exactly what is wrong..
I have installed version 1.1.13, here is the mail log:
that log is a little confused as it is looking for PAM authentication also. After commenting out the PAM lines in the conf, I get this:
May 20 14:02:40 greenchilly dovecot: auth(default): new auth connection: pid=1634
May 20 14:02:54 greenchilly dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=pop3^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Ilport=110^Irport=43572^Iresp=<hidden>
May 20 14:02:54 greenchilly dovecot: auth(default): sql(john@example.com,127.0.0.1): query: SELECT email as user, passwd as password FROM view_users WHERE email='john@example.com';
May 20 14:02:55 greenchilly dovecot: auth(default): client out: OK^I1^Iuser=john@example.com
May 20 14:02:55 greenchilly dovecot: auth(default): master in: REQUEST^I3^I1453^I1
May 20 14:02:55 greenchilly dovecot: auth(default): master out: USER^I3^Ijohn@example.com^Iuid=5000^Igid=5000^Ihome=/home/vmail/example.com/john
May 20 14:02:55 greenchilly dovecot: Fatal: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied
May 20 14:02:55 greenchilly dovecot: pop3-login: Login: user=john@example.com, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 14:02:55 greenchilly dovecot: child 1635 (pop3) returned error 89 (Fatal failure)
-- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Wed, 20 May 2009, Kenneth Gonsalves wrote:
Well, there are lots of "permission denied" problems lately.
Are you really absolutely sure that user with uid 5000 may chdir into /home/vmail/example.com/john ??
I mean, make sure "su" may set uid to the user of UID 5000 (esp. the shell is a real shell, so (as root)
# su user -c "echo OK"
displays "OK", then do as root
# su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
(and revert what you did for testing on success)
Do you run some protection stuff, e.g. SELinux or AppArmor or the like? Dovecot setuid()'s to uid 5000, then chdir()s there. Such stuff may prohibit this.
Or, do you have ACLs enabled in the filesystem? Or do you use a remote filesystem, which permissions probably lie to the client.
Are all files in /home/vmail/example.com/john owned by uid 5000 and r/w? No dead sym links, etc.pp?
Bye,
Steffen Kaiser
On Wednesday 20 May 2009 18:49:25 Steffen Kaiser wrote:
Well, there are lots of "permission denied" problems lately.
Are you really absolutely sure that user with uid 5000 may chdir into /home/vmail/example.com/john ??
I mean, make sure "su" may set uid to the user of UID 5000 (esp. the shell is a real shell, so (as root)
# su user -c "echo OK"
displays "OK", then do as root
# su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
greenchilly:/home/lawgon# su vmail -c "echo OK"
OK
greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
Dir:/home/vmail/example.com/john
(and revert what you did for testing on success)
Do you run some protection stuff, e.g. SELinux or AppArmor or the like? Dovecot setuid()'s to uid 5000, then chdir()s there. Such stuff may prohibit this.
no - and note that I use dovecot for LDA and dovecot as vmail has no problem delivering mail (which means it can read and write in that directory)
Or, do you have ACLs enabled in the filesystem? Or do you use a remote filesystem, which permissions probably lie to the client.
no - of course this is a VPS on a Gandi xen setup, but I do not see how anything is affected by this
Are all files in /home/vmail/example.com/john owned by uid 5000 and r/w?
yes
No dead sym links, etc.pp?
no.
-- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Thursday 21 May 2009 12:15:12 Kenneth Gonsalves wrote:
On Wednesday 20 May 2009 18:49:25 Steffen Kaiser wrote:
Well, there are lots of "permission denied" problems lately.
Are you really absolutely sure that user with uid 5000 may chdir into /home/vmail/example.com/john ??
I mean, make sure "su" may set uid to the user of UID 5000 (esp. the shell is a real shell, so (as root)
# su user -c "echo OK"
displays "OK", then do as root
# su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
greenchilly:/home/lawgon# su vmail -c "echo OK"
OK
greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
Dir:/home/vmail/example.com/john
I also did a chmod o+r on /home, /home/vmail, /home/vmail/example.com and /home/vmail/example.com/john
still the same error.
regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On May 21, 2009, at 2:58 AM, Kenneth Gonsalves wrote:
greenchilly:/home/lawgon# su vmail -c "echo OK"
OK
greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
Dir:/home/vmail/example.com/john
I also did a chmod o+r on /home, /home/vmail, /home/vmail/example.com and /home/vmail/example.com/john
chdir() wants +x, not +r.
On Thursday 21 May 2009 12:50:05 Timo Sirainen wrote:
I also did a chmod o+r on /home, /home/vmail, /home/vmail/example.com and /home/vmail/example.com/john
chdir() wants +x, not +r.
that doesn't work either
regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Wed, 2009-05-20 at 16:58 +0530, Kenneth Gonsalves wrote:
Anyway that chdir() syscall really failed with that error message. The reason for that is less clear then.. v1.1+ would give a much nicer error message here telling exactly what is wrong..
I have installed version 1.1.13, here is the mail log:
Sorry, it was actually only v1.2+ that gave the better error message. Anyway, do as Steffen said, make sure the UID 5000 really can chdir there.
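One way to carry out the check asked for in the replies above: every directory on the way to the home needs the search (+x) bit, not +r, for the credentials the pop3 process actually holds. This is an added example, not code from the thread or from Dovecot. It assumes the process runs with only the uid=5000 gid=5000 from the "master out: USER" log line and no supplementary groups, whereas "su vmail" also picks up vmail's supplementary groups; the extra group id in the second call is hypothetical.

```python
import os
import stat

def search_allowed(st, uid, gids):
    """Classic Unix check for the search (x) bit: owner, then group, then other."""
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)

def first_blocked(path, uid, gids, base="/"):
    """Return the first directory from base down to path that uid/gids cannot
    search, or None if chdir(path) should succeed on mode bits alone.
    ACLs, SELinux/AppArmor and remote-filesystem checks are not modelled."""
    path, base = os.path.abspath(path), os.path.abspath(base)
    rel = os.path.relpath(path, base)
    parts = [] if rel == "." else rel.split(os.sep)
    current = base
    for part in [None] + parts:
        if part is not None:
            current = os.path.join(current, part)
        try:
            st = os.stat(current)
        except OSError:
            return current  # missing, or this process cannot look any further
        if not stat.S_ISDIR(st.st_mode) or not search_allowed(st, uid, gids):
            return current
    return None

if __name__ == "__main__":
    # home= value from the userdb reply in the log above
    home = "/home/vmail/example.com/john"
    # Assumption: pop3 holds only uid=5000 gid=5000, no supplementary groups.
    print("uid/gid only:     ", first_blocked(home, 5000, {5000}))
    # Hypothetical supplementary gid 100, as a login through su might add.
    print("with extra groups:", first_blocked(home, 5000, {5000, 100}))
```

A result of None from both calls means the mode bits are not the cause; a path from the first call and None from the second points at access that depends on a supplementary group.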
participants (3)
- Kenneth Gonsalves
- Steffen Kaiser
- Timo Sirainen