[Dovecot] Dovecot POP3 fails to chdir under FC6
I started the Dovecot POP3 server under Fedora Core 6 (rpm dovecot-1.0-1.1.rc15.fc6), but some users couldn't connect, with /var/log/maillog showing the message:
Jan 24 13:20:00 mmace dovecot: chdir(/branch/home/mmace) failed with uid 205: Permission denied
Jan 24 13:20:00 mmace dovecot: child 18792 (pop3) returned error 89
(I had already edited first_valid_UID in /etc/dovecot.conf to allow UIDs >= 200.) However, only users who had their home directory under /branch/home couldn't connect. Users with homedirs under /home connected via POP3 just fine. I found out POP3 connection failures also logged an error to /etc/messages:
Jan 24 13:20:00 mmace kernel: audit(1169662800.479:160): avc: denied { search } for pid=18792 comm="dovecot" name="/" dev=sda3 ino=2 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
So, SELinux was the culprit. My home directories had the right SELinux security context, but the root of the disk holding those home directories (/branch is a separate disk drive) had a security context (system_u:object_r:mnt_t) that Fedora's SELinux rules for dovecot did not allow. I changed the context of /branch to system_u:object_r:usr_t, and dovecot POP3 access worked for all users.
James A. McDonald
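The diagnosis in the post comes from matching the failed dovecot child's pid against the pid in the kernel AVC denial. The Python sketch below does that join automatically; it is an added example, not part of the original post or of Dovecot, the function names are hypothetical, and the log lines are the ones quoted in the post.

```python
import re

# Log lines copied from the post above; a real run would read the two log files.
MAILLOG = [
    "Jan 24 13:20:00 mmace dovecot: chdir(/branch/home/mmace) failed with uid 205: Permission denied",
    "Jan 24 13:20:00 mmace dovecot: child 18792 (pop3) returned error 89",
]
MESSAGES = [
    'Jan 24 13:20:00 mmace kernel: audit(1169662800.479:160): avc: denied { search } for pid=18792 comm="dovecot" name="/" dev=sda3 ino=2 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir',
]

AVC_RE = re.compile(r'audit\((\d+)\.\d+:(\d+)\): avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
CHILD_RE = re.compile(r'dovecot: child (\d+) \((\w+)\) returned error (\d+)')


def parse_avc(line):
    """Return a dict for an 'avc: denied' line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    epoch, serial, perms, rest = m.groups()
    rec = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    rec.update(epoch=int(epoch), serial=int(serial), perms=perms.split())
    # A context is user:role:type[:level]; policy rules match on the type field.
    rec["source_type"] = rec["scontext"].split(":")[2]
    rec["target_type"] = rec["tcontext"].split(":")[2]
    return rec


def correlate(maillog, messages):
    """Join failed dovecot children to AVC denials that carry the same pid."""
    denials = {}
    for rec in filter(None, map(parse_avc, messages)):
        denials.setdefault(int(rec["pid"]), []).append(rec)
    findings = []
    for line in maillog:
        m = CHILD_RE.search(line)
        if not m:
            continue
        pid, service, code = int(m.group(1)), m.group(2), int(m.group(3))
        for rec in denials.get(pid, []):
            findings.append((pid, service, code, rec["source_type"],
                             rec["target_type"], rec["tclass"], rec["perms"]))
    return findings


if __name__ == "__main__":
    print(correlate(MAILLOG, MESSAGES))
```

Each finding names the confined domain (dovecot_t), the type of the object it was denied on (mnt_t) and the permission (search on a dir), which is the information needed to spot a mislabeled mount point such as /branch.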