Dovecot sync stopped working since 2.3.18-r1 when .maildir has 700 permissions
Hello,
Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes.
# 2.3.19.1 (9b53102964): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.19 (4eae2f79)
# OS: Linux 5.10.74-gentoo x86_64 Gentoo Base System release 2.8
# Hostname: www.example.com
auth_mechanisms = plain login
auth_username_format = %Ln
doveadm_password = # hidden, use -P to show it
hostname = www.example.xom
listen = *
login_greeting = Dovecot ready.
mail_location = maildir:~/.maildir
mail_plugins = notify replication
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapflags notify vnd.dovecot.pipe
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = *
  driver = pam
}
plugin {
  mail_replica = tcps:www.example.com:8000
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_extensions = +notify +imapflags +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
  sieve_plugins = sieve_extprograms
}
postmaster_address = postmaster@example.com
protocols = imap lmtp sieve
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
  }
  unix_listener replication-notify {
    mode = 0666
  }
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
}
service doveadm {
  inet_listener {
    port = 8000
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service replicator {
  process_min_avail = 1
  unix_listener replicator-doveadm {
    mode = 0600
  }
}
ssl_cert =
-- roughgrain.com - Mastering Mentoring +447780565902
Hello,
Please accept my apologies for not giving all the details in the original bug report. After further testing, I need to add that it is not the permissions of .maildir that cause doveadm to fail. It fails because the .maildir is a FUSE mount with access to all other users, including potentially untrusted root, restricted. This configuration worked fine until 2.3.18-r1. Has the context under which doveadm runs changed? Is there a way to make it run as the user?
On 17/07/2022 11:20, Martin Kuchta wrote:
Hello,
Since upgrading to dovecot 2.3.18-r1 my sync setup using replicator plugin stopped working. It seems there is a problem accessing a .maildir with 700 permissions, only accessible by the owner. Everything worked fine prior to this version and I made no configuration changes.
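The follow-up above attributes the failure to a FUSE mount that is closed to every user except its owner. As an added example (not part of the original posts), this sketch reads a mount table in /proc/self/mounts format and reports whether a given uid would pass the kernel's FUSE mount-owner check for a maildir path. The mount entries are constructed, the function names are hypothetical, and only the uid comparison is modelled.

```python
import os

# Constructed sample in /proc/self/mounts format (not taken from the original posts).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
encfs /home/alice/.maildir fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000 0 0
sshfs /home/bob/.maildir fuse.sshfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def covering_mount(path, mounts_text):
    """Return (mountpoint, fstype, options) of the deepest mount covering path, or None."""
    path = os.path.normpath(path)
    best = None
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        mnt, fstype, opts = _unescape(parts[1]), parts[2], parts[3].split(",")
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if best is None or len(mnt) >= len(best[0]):  # later entries shadow earlier ones
                best = (mnt, fstype, opts)
    return best

def fuse_access(path, uid, mounts_text):
    """Return 'not-fuse', 'allowed' or 'denied' for a process running as uid."""
    found = covering_mount(path, mounts_text)
    if found is None:
        raise ValueError("no mount covers %r (path must be absolute)" % path)
    _, fstype, opts = found
    if fstype not in ("fuse", "fuseblk") and not fstype.startswith("fuse."):
        return "not-fuse"
    # Simplification: the kernel also compares gids and saved ids, and a FUSE
    # daemon can still refuse requests after the kernel check has passed.
    owner = next((int(o.split("=")[1]) for o in opts if o.startswith("user_id=")), None)
    if "allow_other" in opts or uid == owner:
        return "allowed"
    return "denied"
```

On a live system, pass the contents of /proc/self/mounts as `mounts_text`; a result of "denied" for uid 0 matches the situation described in the follow-up, where even root cannot enter the mount.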