[Dovecot] fchown() error with Public Folders
I was able to get public folders to work with a dedicated account for the hierarchy and ACL's for individual users.
I have location defined so that each user has a local index and control files
location = maildir:/usr/mail/public/cs/mail:CONTROL=~/Maildir/CS:INDEX=~/Maildir/CS
Now i am seeing the folliwing error in the logs.
dovecot: IMAP(stephen): fchown() failed with file /home/stephen/Maildir/CS/.Incoming/dovecot.index.log: Operation not permitted
As I understand it, dovecot runs as root but the the IMAP process that servicers the request runs as the user so naturally the fchown() fails. However it seems the file is never even created. It there someting I need to do to get this to work?
I am using 1.1.7
1.1.7: /etc/dovecot.conf
OS: Linux 2.6.18-92.1.10.el5 x86_64 CentOS release 5.2 (Final)
protocols: imaps ssl_cert_file: /etc/pki/dovecot/certs/scacifs02-lnx.dovecot.crt ssl_key_file: /etc/pki/dovecot/private/scacifs02-lnx.dovecot.key login_dir: /var/run/dovecot/login login_executable: /usr/libexec/dovecot/imap-login mail_location: maildir:~/Maildir mbox_write_locks: fcntl namespace: type: private separator: / inbox: yes list: yes subscriptions: yes namespace: type: public separator: / prefix: CS/ location: maildir:/usr/mail/public/cs/mail:CONTROL=~/Maildir/CS:INDEX=~/Maildir/CS list: yes auth default: passdb: driver: pam userdb: driver: passwd-file args: /etc/imap.passwd
-- Stephen Carville
I checked the website and 1.1.11 is the latest stable version. I upgraded but the error persists.
-- Stephen Carville
On Thu, 2009-03-12 at 11:11 -0700, Stephen Carville wrote:
dovecot: IMAP(stephen): fchown() failed with file /home/stephen/Maildir/CS/.Incoming/dovecot.index.log: Operation not permitted
As I understand it, dovecot runs as root but the the IMAP process that servicers the request runs as the user so naturally the fchown() fails.
fchown() only tries to change the group, not the owner. It's possible to make it succeed by making the process belong to the group.
Do you have dovecot-shared file in the .Incoming/ directory? Dovecot tries to use that file's group. If you don't want it to do that, you can chmod g+s dovecot-shared and it's not preserved.
On Fri, Mar 13, 2009 at 2:20 PM, Timo Sirainen <tss@iki.fi> wrote:
On Thu, 2009-03-12 at 11:11 -0700, Stephen Carville wrote:
dovecot: IMAP(stephen): fchown() failed with file /home/stephen/Maildir/CS/.Incoming/dovecot.index.log: Operation not permitted
As I understand it, dovecot runs as root but the the IMAP process that servicers the request runs as the user so naturally the fchown() fails.
fchown() only tries to change the group, not the owner. It's possible to make it succeed by making the process belong to the group.
That explains a lot. thank you.
Do you have dovecot-shared file in the .Incoming/ directory? Dovecot tries to use that file's group. If you don't want it to do that, you can chmod g+s dovecot-shared and it's not preserved.
I have dovecot-shared in the directory. The part that kept throwing me was that the user was a member if the group (cs). I finally discovered that adding a user to the group must be accompanied by adding userdb_system_user=username to the imap.passwd file.
-- Stephen Carville
On Mar 16, 2009, at 2:06 AM, Stephen Carville wrote:
Do you have dovecot-shared file in the .Incoming/ directory? Dovecot tries to use that file's group. If you don't want it to do that,
you can chmod g+s dovecot-shared and it's not preserved.I have dovecot-shared in the directory. The part that kept throwing me was that the user was a member if the group (cs). I finally discovered that adding a user to the group must be accompanied by adding userdb_system_user=username to the imap.passwd file.
Yes, if all your users are also system users. Another possibility
would have been to set userdb_mail_access_groups=groupname. Or just
change the primary gid to that group.
Dear all,
My problem is below:
- quota for user "Demo" is 3MB and Demo maildir is now 2.2MB
- then I sent an email with attachment (600KB) to demo@
- I relogin to account Demo but nothing changed (maildirsize in Maildir still not changed)
- then I DELETE the maildirsize file and relogin, the maildirsize is now updated.
---> however that's what not I expected as I should delete the maildirsize, I wonder why the maildirsize file is not updated right after an incoming email or after I relogin...?
Did I made something wrong?
Below is my dovecot config:
dovecot -n
1.1.11: /etc/dovecot.conf
OS: Linux 2.6.18-92.el5 i686 CentOS release 5.2 (Final) ext3
log_path: /var/log/dovecot.log.quota.0313 login_dir: /var/run/dovecot/login login_executable(default): /usr/libexec/dovecot/imap-login login_executable(imap): /usr/libexec/dovecot/imap-login login_executable(pop3): /usr/libexec/dovecot/pop3-login mail_gid: 100 mail_location: maildir:/home/%u/Maildir mail_debug: yes mail_executable(default): /usr/libexec/dovecot/imap mail_executable(imap): /usr/libexec/dovecot/imap mail_executable(pop3): /usr/libexec/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/imap mail_plugin_dir(imap): /usr/lib/dovecot/imap mail_plugin_dir(pop3): /usr/lib/dovecot/pop3 imap_client_workarounds(default): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(imap): delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep imap_client_workarounds(pop3): auth default: verbose: yes debug: yes passdb: driver: ldap args: /etc/dovecot-ldap.conf userdb: driver: ldap args: /etc/dovecot-ldap.conf plugin: quota: maildir:User quota quota_rule: *:storage=5G quota_warning: storage=80%% /usr/local/bin/quota-warning.sh 80 quota_warning2: storage=82%% /usr/local/bin/quota-warning.sh 82 quota_warning3: storage=84%% /usr/local/bin/quota-warning.sh 84
[root@smail Maildir]# grep -v '^ *\(#.*\)\?$' /etc/dovecot-ldap.conf hosts = ldaphost.tma.com.vn dn = cn=Administrator,dc=tma,dc=com,dc=vn dnpass = secret auth_bind = yes auth_bind_userdn = uid=%u,ou=Users,dc=tma,dc=com,dc=vn ldap_version = 3 base = ou=Users,dc=tma,dc=com,dc=vn scope = subtree user_attrs = homeDirectory=home,uid=uid,mailQuota=quota_rule=*:storage=%$M user_filter = (&(objectClass=posixAccount)(uid=%u)) pass_attrs = uid=user,userPassword=password pass_filter = (&(objectClass=posixAccount)(uid=%u)) default_pass_scheme = CRYPT
Manipulation in Maildir
// there is nochange when login after receiving an email [root@mail Maildir]# cat maildirsize 3145728S 2246642 149
//remove maildirsize [root@mail Maildir]# rm maildirsize [root@mail Maildir]# cat maildirsize cat: maildirsize: No such file or directory
// relogin [root@mail Maildir]# cat maildirsize 3145728S 2897371 152
Thanks for your response. Regards, Thu NGUYEN.
On Mar 16, 2009, at 4:03 AM, Thu NGUYEN wrote:
My problem is below:
- quota for user "Demo" is 3MB and Demo maildir is now 2.2MB
- then I sent an email with attachment (600KB) to demo@
This is where the maildirsize should be updated. What do you use as
your MDA? Not Dovecot's deliver I suppose? You need to be using an MDA
that supports maildirsize updates, preferrably deliver.
BTW. Please don't post new mails by replying to an existing one. It
messes up threading.
I'm sorry! I didn't intend to merge in this message.
I'm using sendmail and the MDA is procmail. Is that supported the maildirsize update or I should set up the dovecot's deliver?
Regards, Thu NGUYEN.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Monday, March 16, 2009 11:53 PM To: Thu NGUYEN Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] [Dovecot 1.1.11] Dovecot cannot refresh the maildirsize
On Mar 16, 2009, at 4:03 AM, Thu NGUYEN wrote:
My problem is below:
- quota for user "Demo" is 3MB and Demo maildir is now 2.2MB
- then I sent an email with attachment (600KB) to demo@
This is where the maildirsize should be updated. What do you use as
your MDA? Not Dovecot's deliver I suppose? You need to be using an MDA
that supports maildirsize updates, preferrably deliver.
BTW. Please don't post new mails by replying to an existing one. It
messes up threading.
procmail doesn't support maildirsize updates, so that's the problem.
Switching to deliver would solve it. Also even if you use some other
MDA that supports maildirsize updates, they don't support the quota
warnings you configured, only deliver will do that.
On Mar 16, 2009, at 12:57 PM, Thu NGUYEN wrote:
I'm sorry! I didn't intend to merge in this message.
I'm using sendmail and the MDA is procmail. Is that supported the maildirsize update or I should set up the dovecot's deliver?
Regards, Thu NGUYEN.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Monday, March 16, 2009 11:53 PM To: Thu NGUYEN Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] [Dovecot 1.1.11] Dovecot cannot refresh the maildirsize
On Mar 16, 2009, at 4:03 AM, Thu NGUYEN wrote:
My problem is below:
- quota for user "Demo" is 3MB and Demo maildir is now 2.2MB
- then I sent an email with attachment (600KB) to demo@
This is where the maildirsize should be updated. What do you use as your MDA? Not Dovecot's deliver I suppose? You need to be using an MDA that supports maildirsize updates, preferrably deliver.
BTW. Please don't post new mails by replying to an existing one. It messes up threading.
Thanks Timo, I will try switching to deliver.
Regards, Thu NGUYEN.
-----Original Message----- From: dovecot-bounces+ntathu=tma.com.vn@dovecot.org [mailto:dovecot-bounces+ntathu=tma.com.vn@dovecot.org] On Behalf Of Timo Sirainen Sent: Tuesday, March 17, 2009 12:00 AM To: Thu NGUYEN Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] [Dovecot 1.1.11] Dovecot cannot refresh the maildirsize
procmail doesn't support maildirsize updates, so that's the problem.
Switching to deliver would solve it. Also even if you use some other
MDA that supports maildirsize updates, they don't support the quota
warnings you configured, only deliver will do that.
On Mar 16, 2009, at 12:57 PM, Thu NGUYEN wrote:
I'm sorry! I didn't intend to merge in this message.
I'm using sendmail and the MDA is procmail. Is that supported the maildirsize update or I should set up the dovecot's deliver?
Regards, Thu NGUYEN.
-----Original Message----- From: Timo Sirainen [mailto:tss@iki.fi] Sent: Monday, March 16, 2009 11:53 PM To: Thu NGUYEN Cc: 'Dovecot Mailing List' Subject: Re: [Dovecot] [Dovecot 1.1.11] Dovecot cannot refresh the maildirsize
On Mar 16, 2009, at 4:03 AM, Thu NGUYEN wrote:
My problem is below:
- quota for user "Demo" is 3MB and Demo maildir is now 2.2MB
- then I sent an email with attachment (600KB) to demo@
This is where the maildirsize should be updated. What do you use as your MDA? Not Dovecot's deliver I suppose? You need to be using an MDA that supports maildirsize updates, preferrably deliver.
BTW. Please don't post new mails by replying to an existing one. It messes up threading.
On Sun, Mar 15, 2009 at 11:34 PM, Timo Sirainen <tss@iki.fi> wrote:
On Mar 16, 2009, at 2:06 AM, Stephen Carville wrote:
Do you have dovecot-shared file in the .Incoming/ directory? Dovecot tries to use that file's group. If you don't want it to do that, you can chmod g+s dovecot-shared and it's not preserved.
I have dovecot-shared in the directory. The part that kept throwing me was that the user was a member if the group (cs). I finally discovered that adding a user to the group must be accompanied by adding userdb_system_user=username to the imap.passwd file.
Yes, if all your users are also system users. Another possibility would have been to set userdb_mail_access_groups=groupname. Or just change the primary gid to that group.
I considered that but I cannot be sure that there will just be one group. I am trying to recreate a public folder structure that is being used fro work flow management and is implemented using Exchange. Right now every user in the company has read/write access to every public folder and I was told to change that on the IMAP server so there may be two or three different groups. To be honest I am not very optimistic about the prognosis since I have to use Outlook as the IMAP client.
No matter, that -- Even if the project here flops I know enough now that I can migrate other clients from courier to dovecot when the time comes. That alone made the time worth it.
-- Stephen Carville
On Wed, 2009-03-18 at 12:15 -0700, Stephen Carville wrote:
Yes, if all your users are also system users. Another possibility would have been to set userdb_mail_access_groups=groupname. Or just change the primary gid to that group.
I considered that but I cannot be sure that there will just be one group.
You can have multiple:
userdb_mail_access_groups=group1,group2,group3
participants (3)
-
Stephen Carville
-
Thu NGUYEN
-
Timo Sirainen