doveadm search -A tries to create mailboxes
[0:root@elmo ~]$ rpm -q dovecot
dovecot-2.2.18-2.fc22.x86_64
I got a surprise today when I tried the doveadm search function from: http://wiki2.dovecot.org/Plugins/Expire
[0:root@elmo ~]$ doveadm search -A mailbox Trash savedbefore 30d
doveadm(clamscan): Error: User initialization failed: Namespace '': mkdir(//Maildir) failed: Permission denied (euid=982(clamscan) egid=289(clamscan) missing +w perm: /, dir owned by 0:0 mode=0555)
doveadm(clamscan): Error: User init failed
doveadm(nm-openconnect): Error: User initialization failed: Namespace '': mkdir(//Maildir) failed: Permission denied (euid=986(nm-openconnect) egid=293(nm-openconnect) missing +w perm: /, dir owned by 0:0 mode=0555)
doveadm(nm-openconnect): Error: User init failed
doveadm(openvpn): Error: User initialization failed: Namespace '': mkdir(/etc/openvpn/Maildir) failed: Permission denied (euid=987(openvpn) egid=296(openvpn) missing +w perm: /etc/openvpn, dir owned by 0:0 mode=0755)
doveadm(openvpn): Error: User init failed
.. plus several more
I wouldn't think the search function (or any operation) would try to create mailboxes. These are system user ids that don't have or need mailboxes.
Is this correct?
Bill
On 05 Jan 2016, at 15:36, Bill Shirley Bill@knoxvillechristian.org wrote:
> I wouldn't think the search function (or any operation) would try to create mailboxes. These are system user ids that don't have or need mailboxes.
> Is this correct?
It's intentional and difficult to change. If you're using system users, you can restrict the list of users that apply to -A. I think just setting first_valid_uid high enough to not match system users' UIDs will solve it.
On 1/6/2016 3:29 PM, Timo Sirainen wrote:
> It's intentional and difficult to change. If you're using system users, you can restrict the list of users that apply to -A. I think just setting first_valid_uid high enough to not match system users' UIDs will solve it.
Yes, I'll probably change my first_valid_uid to a higher number. Currently vmail is 399 since I've been running Linux for ages. Thankfully there is 'find'. Gotta change the MySQL table too.
I really do appreciate Dovecot and all the work that goes into it. That being said, I don't think 'search' should create any files or directories. I just wanted to see how much trash is on the system. If you wanted to check 'CorpNews' which a few users have, after running 'search' now everyone has it.
The man page doesn't mention that 'search' updates anything.
I provide this feedback because Dovecot is great software and want it to continue to be.
BTW, now I have:
/var/cache/akmods/Maildir/.Trash
/var/cache/akmods/Maildir/.Trash/cur
/var/cache/akmods/Maildir/.Trash/dovecot-uidlist
/var/cache/akmods/Maildir/.Trash/dovecot.index.log
/var/cache/akmods/Maildir/.Trash/maildirfolder
/var/cache/akmods/Maildir/.Trash/new
/var/cache/akmods/Maildir/.Trash/tmp
/var/lib/chrony/Maildir/.Trash
/var/lib/chrony/Maildir/.Trash/cur
/var/lib/chrony/Maildir/.Trash/dovecot-uidlist
/var/lib/chrony/Maildir/.Trash/dovecot.index.log
/var/lib/chrony/Maildir/.Trash/maildirfolder
/var/lib/chrony/Maildir/.Trash/new
/var/lib/chrony/Maildir/.Trash/tmp
/var/lib/clamav/Maildir/.Trash
/var/lib/clamav/Maildir/.Trash/cur
/var/lib/clamav/Maildir/.Trash/dovecot-uidlist
/var/lib/clamav/Maildir/.Trash/dovecot.index.log
/var/lib/clamav/Maildir/.Trash/maildirfolder
/var/lib/clamav/Maildir/.Trash/new
/var/lib/clamav/Maildir/.Trash/tmp
/var/lib/colord/Maildir/.Trash
/var/lib/colord/Maildir/.Trash/cur
/var/lib/colord/Maildir/.Trash/dovecot-uidlist
/var/lib/colord/Maildir/.Trash/dovecot.index.log
/var/lib/colord/Maildir/.Trash/maildirfolder
/var/lib/colord/Maildir/.Trash/new
/var/lib/colord/Maildir/.Trash/tmp
/var/lib/geoclue/Maildir/.Trash
/var/lib/geoclue/Maildir/.Trash/cur
/var/lib/geoclue/Maildir/.Trash/dovecot-uidlist
/var/lib/geoclue/Maildir/.Trash/dovecot.index.log
/var/lib/geoclue/Maildir/.Trash/maildirfolder
/var/lib/geoclue/Maildir/.Trash/new
/var/lib/geoclue/Maildir/.Trash/tmp
/var/lib/sddm/Maildir/.Trash
/var/lib/sddm/Maildir/.Trash/cur
/var/lib/sddm/Maildir/.Trash/dovecot-uidlist
/var/lib/sddm/Maildir/.Trash/dovecot.index.log
/var/lib/sddm/Maildir/.Trash/maildirfolder
/var/lib/sddm/Maildir/.Trash/new
/var/lib/sddm/Maildir/.Trash/tmp
/var/lib/setroubleshoot/Maildir/.Trash
/var/lib/setroubleshoot/Maildir/.Trash/cur
/var/lib/setroubleshoot/Maildir/.Trash/dovecot-uidlist
/var/lib/setroubleshoot/Maildir/.Trash/dovecot.index.log
/var/lib/setroubleshoot/Maildir/.Trash/maildirfolder
/var/lib/setroubleshoot/Maildir/.Trash/new
/var/lib/setroubleshoot/Maildir/.Trash/tmp
Thankfully there is 'rm -rf <dir>'.
Again, many thanks, Bill
On Wed, 6 Jan 2016, Bill Shirley wrote:
> The man page doesn't mention that 'search' updates anything.
SEARCH has to open the Maildir. Dovecot has the feature to create mailboxes on the fly on access, not only on write accesses. If Dovecot wouldn't, you would get lots of "Invalid Mailbox" errors, because -A enumerates users you want to skip.
Actually, if you cannot limit -A with Timo's hints, you might try to override the userdb setting via -o command line options with a passwd-file, in which you list only "valid" users.
> BTW, now I have: /var/cache/akmods/Maildir/.Trash
You probably have autocreate for Trash? But you will see Maildir for all users anyway.
Steffen Kaiser
Yes, I have:
    mailbox Trash {
      special_use = \Trash
      auto = subscribe
      # next needs dovecot 2.2.20
      # autoexpunge = 2 weeks
    }
    mailbox SystemFolders {
      auto = create
      # auto = subscribe
    }
However, I would think that only applies to mail delivery or POP3/IMAP access. Are you saying that all doveadm -A commands will create Maildir and 'auto=create/subscribe' folders? Why did it not create '~/Maildir/SystemFolders'? I did hit Ctrl-C as soon as I saw what doveadm was doing.
Again, I don't think SEARCH should create any directories. Maybe have a doveadm CREATE for that purpose? I am not the creator nor a developer of Dovecot; just one user with an opinion. If they think this is the correct behavior I'm fine with that.
Bill
On 1/7/2016 2:22 AM, Steffen Kaiser wrote:
> On Wed, 6 Jan 2016, Bill Shirley wrote:
>> The man page doesn't mention that 'search' updates anything.
> SEARCH has to open the Maildir. Dovecot has the feature to create mailboxes on the fly on access, not only on write accesses. If Dovecot wouldn't, you would get lots of "Invalid Mailbox" errors, because -A enumerates users you want to skip.
> Actually, if you cannot limit -A with Timo's hints, you might try to override the userdb setting via -o command line options with a passwd-file, in which you list only "valid" users.
>> BTW, now I have: /var/cache/akmods/Maildir/.Trash
> You probably have autocreate for Trash? But you will see Maildir for all users anyway.
> Steffen Kaiser
On 08 Jan 2016, at 04:27, Bill Shirley Bill@knoxvillechristian.org wrote:
> However, I would think that only applies to mail delivery or POP3/IMAP access. Are you saying that all doveadm -A commands will create Maildir and 'auto=create/subscribe' folders? Why did it not create '~/Maildir/SystemFolders'? I did hit Ctrl-C as soon as I saw what doveadm was doing.
> Again, I don't think SEARCH should create any directories. Maybe have a doveadm CREATE for that purpose? I am not the creator nor a developer of Dovecot; just one user with an opinion. If they think this is the correct behavior I'm fine with that.
doveadm search doesn't autocreate any folders, but all mail accessing code will create the mail root directory. Whether that's good or not depends on your use case. It's safer to always create it though. That guarantees that if there are configuration mistakes, missing mountpoints or things like that the problem should get noticed immediately (due to a failing mkdir) rather than an empty mailbox provided to the user.
I think pretty much the only downside is the situation that you noticed: if userdb passwd-file is used it contains some users that aren't actually mail users. But even then not mkdiring would solve the problem only sometimes. You might want to use doveadm -A parameter for commands that actually modify the users, and those would still be failing. So I think the proper fix is to just make sure that -A matches only the actual mail users, which solves the whole issue. It could be nice to have some feature that allows filtering out specific users though, besides just having the first_valid_uid filter. Maybe something in /etc/passwd itself could control whether user would be a mail user or not, like:
    userdb {
      driver = passwd
      # a) only return users with home directory prefix /home/
      #args = include=home=/home/*
      # b) don't return users with shell set to /bin/false
      #args = exclude=shell=/bin/false
    }
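A way to check, before running a `doveadm -A` command, which passwd accounts fall inside a `first_valid_uid`/`last_valid_uid` window, and which accounts outside it already carry a Maildir root like the ones listed earlier in the thread. This is an added example, not part of any message in the thread and not Dovecot code. The function names are hypothetical; the sample passwd file is constructed (clamscan and openvpn UIDs and homes follow the error output above, the other entries are made up); and it assumes the passwd userdb filters on UID alone.

```sh
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Print "name:uid:home" for passwd-format entries inside the UID window:
# first <= uid, and uid <= last unless last is 0 (no upper limit).
accounts_in_window() {
    awk -F: -v first="$2" -v last="${3:-0}" '
        /^#/ || NF < 7 { next }
        $3 >= first && (last == 0 || $3 <= last) { print $1 ":" $3 ":" $6 }
    ' "$1"
}

# Print "name:uid:path" for accounts OUTSIDE the window whose home already
# contains a Maildir directory. $4 is an optional path prefix (for testing).
stray_maildirs() {
    awk -F: -v first="$2" -v last="${3:-0}" '
        /^#/ || NF < 7 { next }
        $3 < first || (last != 0 && $3 > last) { print $1 ":" $3 ":" $6 }
    ' "$1" |
    while IFS=: read -r name uid home; do
        if [ -d "${4:-}$home/Maildir" ]; then
            printf '%s:%s:%s\n' "$name" "$uid" "${4:-}$home/Maildir"
        fi
    done
}

# Constructed sample: a passwd file plus a fake filesystem root in a temp dir.
make_sample() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
chrony:x:994:990::/var/lib/chrony:/sbin/nologin
clamscan:x:982:289::/:/sbin/nologin
openvpn:x:987:296::/etc/openvpn:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
EOF
    mkdir -p "$d/var/lib/chrony/Maildir/.Trash" "$d/home/alice/Maildir"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "accounts inside window (first=1000):"
accounts_in_window "$sample/passwd" 1000
echo "Maildir roots under excluded accounts:"
stray_maildirs "$sample/passwd" 1000 0 "$sample"
rm -rf "$sample"
```

With a threshold of 399 (the vmail UID mentioned in the thread) the daemon accounts in the sample all fall inside the window, which is the situation the error output shows. On a real host, pass a passwd-format file and omit the prefix argument.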
participants (3)
- Bill Shirley
- Steffen Kaiser
- Timo Sirainen