Re: [Dovecot] pop3 gives a permission denied error on chdir
On Wednesday 20 May 2009 01:20:37 you wrote:
yes
Are you using NFS? Are you using SELinux or something?
no
I have installed version 1.1.13, here is the mail log:
May 20 10:33:54 greenchilly dovecot: auth(default): new auth connection: pid=1181
May 20 10:34:07 greenchilly dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=pop3^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Ilport=110^Irport=42418^Iresp=<hidden>
May 20 10:34:07 greenchilly dovecot: auth-worker(default): pam(john@example.com,127.0.0.1): lookup service=dovecot
May 20 10:34:07 greenchilly dovecot: auth-worker(default): pam(john@example.com,127.0.0.1): #1/1 style=1 msg=Password:
May 20 10:34:10 greenchilly dovecot: auth-worker(default): pam(john@example.com,127.0.0.1): unknown user
May 20 10:34:10 greenchilly dovecot: auth(default): sql(john@example.com,127.0.0.1): query: SELECT email as user, passwd as password FROM view_users WHERE email='john@example.com';
May 20 10:34:10 greenchilly dovecot: auth(default): client out: OK^I1^Iuser=john@example.com
May 20 10:34:10 greenchilly dovecot: auth(default): master in: REQUEST^I3^I1166^I1
May 20 10:34:10 greenchilly dovecot: auth(default): passwd(john@example.com,127.0.0.1): lookup
May 20 10:34:10 greenchilly dovecot: auth(default): passwd(john@example.com,127.0.0.1): unknown user
May 20 10:34:10 greenchilly dovecot: auth(default): master out: USER^I3^Ijohn@example.com^Iuid=5000^Igid=5000^Ihome=/home/vmail/example.com/john
May 20 10:34:10 greenchilly dovecot: Fatal: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied
May 20 10:34:10 greenchilly dovecot: child 1182 (pop3) returned error 89 (Fatal failure)
May 20 10:34:10 greenchilly dovecot: pop3-login: Login: user=<john@example.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
and here is the session info:
lawgon@greenchilly:~$ telnet localhost pop3
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK Dovecot ready.
user john@example.com
+OK
pass summersun
+OK Logged in.
Connection closed by foreign host.
-- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Wednesday 20 May 2009 16:58:22 Kenneth Gonsalves wrote:
that log is a little confused as it is looking for PAM authentication also. After commenting out the PAM lines in the conf, I get this:
May 20 14:02:40 greenchilly dovecot: auth(default): new auth connection: pid=1634
May 20 14:02:54 greenchilly dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=pop3^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Ilport=110^Irport=43572^Iresp=<hidden>
May 20 14:02:54 greenchilly dovecot: auth(default): sql(john@example.com,127.0.0.1): query: SELECT email as user, passwd as password FROM view_users WHERE email='john@example.com';
May 20 14:02:55 greenchilly dovecot: auth(default): client out: OK^I1^Iuser=john@example.com
May 20 14:02:55 greenchilly dovecot: auth(default): master in: REQUEST^I3^I1453^I1
May 20 14:02:55 greenchilly dovecot: auth(default): master out: USER^I3^Ijohn@example.com^Iuid=5000^Igid=5000^Ihome=/home/vmail/example.com/john
May 20 14:02:55 greenchilly dovecot: Fatal: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied
May 20 14:02:55 greenchilly dovecot: pop3-login: Login: user=<john@example.com>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
May 20 14:02:55 greenchilly dovecot: child 1635 (pop3) returned error 89 (Fatal failure)
-- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Wed, 20 May 2009, Kenneth Gonsalves wrote:
Well, there are lots of "permission denied" problems lately.
Are you really absolutely sure that user with uid 5000 may chdir into /home/vmail/example.com/john ??
I mean, make sure "su" may set uid to the user of UID 5000 (esp. the shell is a real shell), so (as root)
# su user -c "echo OK"
displays "OK", then do as root
# su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
(and revert what you've done for testing on success)
Do you run some protection stuff, e.g. SELinux or AppArmor or the like? Dovecot setuid()'s to uid 5000, then chdir()s there. Such stuff may prohibit this.
Or, do you have ACLs enabled in the filesystem? Or do you use a remote filesystem, whose permissions probably lie to the client.
Are all files in /home/vmail/example.com/john owned by uid 5000 and r/w? No dead sym links, etc.pp?
Bye,
Steffen Kaiser
On Wednesday 20 May 2009 18:49:25 Steffen Kaiser wrote:
greenchilly:/home/lawgon# su vmail -c "echo OK"
OK
greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)'
Dir:/home/vmail/example.com/john
no - and note that I use dovecot for LDA and dovecot as vmail has no problem delivering mail (which means it can read and write in that directory)
> Or, do you have ACLs enabled in the filesystem? Or do you use a remote filesystem, whose permissions probably lie to the client.
no - of course this is a VPS on a Gandi xen setup, but I do not see how anything is affected by this
> Are all files in /home/vmail/example.com/john owned by uid 5000 and r/w?
yes
> No dead sym links, etc.pp?
no.
-- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Thursday 21 May 2009 12:15:12 Kenneth Gonsalves wrote:
I also did a chmod o+r on /home, /home/vmail, /home/vmail/example.com and /home/vmail/example.com/john
still the same error.
regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Thursday 21 May 2009 12:50:05 Timo Sirainen wrote:
that doesn't work either
regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
On Wed, 2009-05-20 at 16:58 +0530, Kenneth Gonsalves wrote:
Sorry, it was actually only v1.2+ that gave the better error message. Anyway, do as Steffen said, make sure the UID 5000 really can chdir there.
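An added example, not part of any message in this thread: one way to run the check Steffen and Timo ask for, walking every component of the home path and testing the search (x) bit that chdir() needs for the uid/gid pair shown in the log. It assumes GNU stat and models a process holding only that uid and gid with no supplementary groups; the function names and the optional BASE argument are this example's own, and ACLs, SELinux and AppArmor are not evaluated.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Assumes GNU stat. Evaluates classic
# mode bits only, for a process holding exactly one uid and one gid (no
# supplementary groups); ACLs, SELinux and AppArmor are not consulted.

# can_search UID GID DIR: exit 0 if the mode bits grant search (x) on DIR.
can_search() {
    cs_uid=$1; cs_gid=$2; cs_dir=$3
    if [ "$cs_uid" -eq 0 ]; then return 0; fi        # root bypasses mode bits
    cs_info=$(stat -c '%u %g %a' "$cs_dir" 2>/dev/null) || return 2
    set -- $cs_info                                  # owner, group, octal mode
    cs_mode=$((0$3))
    if [ "$cs_uid" -eq "$1" ]; then cs_bits=$((cs_mode >> 6))    # owner class
    elif [ "$cs_gid" -eq "$2" ]; then cs_bits=$((cs_mode >> 3))  # group class
    else cs_bits=$cs_mode                                         # other class
    fi
    [ $((cs_bits & 1)) -eq 1 ]
}

# first_blocked UID GID PATH [BASE]: print the first component of PATH
# (below BASE, default the root) that UID/GID cannot search; exit 1 if any.
# A component that cannot be stat'ed is reported as blocked.
first_blocked() {
    fb_uid=$1; fb_gid=$2; fb_cur=${4:-}
    fb_rest=${3#"$fb_cur"}
    if [ -z "$fb_cur" ] && ! can_search "$fb_uid" "$fb_gid" /; then
        echo /; return 1
    fi
    fb_ifs=$IFS; set -f; IFS=/
    set -- $fb_rest                                  # split path on "/"
    IFS=$fb_ifs; set +f
    for fb_part in "$@"; do
        [ -n "$fb_part" ] || continue
        fb_cur=$fb_cur/$fb_part
        if ! can_search "$fb_uid" "$fb_gid" "$fb_cur"; then
            echo "$fb_cur"; return 1
        fi
    done
    return 0
}

# Usage with the values from the log above (uid=5000, gid=5000), as root:
#   first_blocked 5000 5000 /home/vmail/example.com/john
```

A directory that grants the relevant class read but not search (for example mode 704) is reported as blocking, since read permission alone does not allow chdir().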
participants (3)
- Kenneth Gonsalves
- Steffen Kaiser
- Timo Sirainen