[Dovecot] Dovecot 2.0b3: mdbox with incorrect ACL file permissions crashes
Hi,
played around with 'mdbox' format some more. Converted my personal mailbox with latest Dovecot and dsync from HG:
dsync convert -u login@yourdomain.com mdbox:~/mdbox
One thing I noticed is, that dsync does not take care of existing 'dovecot-acl' files, which it should migrate/copy from my point of view, but simply skips them. Anyway I copied over the ACLs manually and forgot to set the rights accordingly. So the files were owned by 'root:vmail' instead of 'vmail:vmail' in my setup. Voilà Dovecot crashed, where it should really throw a warning or ignore the owner and work with the group permissions:
Mar 2 19:27:52 spectre dovecot: imap(tlx@leuxner.net): acl vfile: file /var/vmail/conf.d/leuxner.net/acls/Support/Serverloft not found Mar 2 19:27:52 spectre dovecot: imap(tlx@leuxner.net): acl vfile: no access to file /var/vmail/leuxner.net/tlx/mdbox/mailboxes/Support/Serverloft/dbox-Mails/dovecot-acl Mar 2 19:27:52 spectre dovecot: imap(tlx@leuxner.net): Panic: file acl-cache.c: line 295 (acl_cache_update_rights): assertion failed: (obj_cache->my_current_rights != &negative_cache_entry) Mar 2 19:27:52 spectre dovecot: imap(tlx@leuxner.net): Raw backtrace: /usr/lib/dovecot/libdovecot.so.0 [0x7f4d8595ffb2] -> /usr/lib/dovecot/libdovecot.so.0 [0x7f4d8596001a] -> /usr/lib/dovecot/libdovecot.so.0 (i_error+0) [0x7f4d859603c3] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da690b] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da4249] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0 x7f4d84da4572] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da472e] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da2aba] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so(acl_object_get_m y_rights+0x65) [0x7f4d84da2b85] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da8fd9] -> dovecot/imap tlx@leuxner.net 84.58.106.99 STATUS [0x41149f] -> dovecot/imap t lx@leuxner.net 84.58.106.99 STATUS [0x40dc2c] -> dovecot/imap [tlx@leuxner.net 84.58.106.99 STATUS] [0x40f9bc] -> dovecot/imap [tlx@leuxner.net 84.58.106.99 STATUS] [0x40fa6d] -> dovecot/imap tlx@leuxner.net 84.58.106.99 STATUS [0x40fbe5] -> dovecot/imap tlx@leuxner.net 84.58.106.99 STATUS [0x410622] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handl er_run+0xcb) [0x7f4d8596abab] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x18) [0x7f4d85969d28] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f4d85959eb3] -> dovecot/imap tlx@leuxner.n et 84.58.106.99 STATUS [0x418661] -> /lib/libc.so.6(__libc_start_main+0xe6) [0x7f4d851e71a6] -> dovecot/imap [tlx@leuxner.net 84.58.106.99 STATUS] [0x4084e9] Mar 2 19:27:52 spectre dovecot: master: service(imap): child 30281 killed with signal 6 (core dumps disabled)
Regards Thomas
On Tue, 2010-03-02 at 19:42 +0100, Thomas Leuxner wrote:
One thing I noticed is, that dsync does not take care of existing 'dovecot-acl' files, which it should migrate/copy from my point of view, but simply skips them.
Yeah, for now anyway.. The problem is that dsync does a two-way sync, but there's really no good way to do two-way ACL sync. Another problem is that ACL is a plugin feature, so this should be done by dsync acl plugin, but dsync doesn't currently support plugins. Both of these could be fixed some day to support at least the simple conversion case.
Anyway I copied over the ACLs manually and forgot to set the rights accordingly. So the files were owned by 'root:vmail' instead of 'vmail:vmail' in my setup. Voilà Dovecot crashed, where it should really throw a warning or ignore the owner and work with the group permissions:
If dovecot-acl isn't readable, it was supposed to remove all permissions from everyone, but I had never tested that code. Fixed now.
participants (2)
-
Thomas Leuxner
-
Timo Sirainen