permissions of newly created mailboxes only with dovecot-lda and posix acls
Hi!
I am experiencing troubles concerning the inheritance of the setgid bit if a new mailbox is created with dovecot-lda. If it is created with dovecot/imap, everything works fine.
dovecot-lda is called from postfix like this:
mailbox_command = /usr/local/sbin/postfix-lda.sh
logger -p mail.info -t postfix-lda "H: $HOME, S: $SENDER, R: $RECIPIENT, U: $(umask), id: $(/bin/id); $@"
dovecot-lda -f "$SENDER" -a "$RECIPIENT" -onamespace/inbox/location=maildir:~/Maildir:LAYOUT=fs:FULLDIRNAME=__MAILBOX__
If a mailbox is created with dovecot-lda (sieve), permissions look like this:
$ ls -ld Maildir Maildir/2018-q3 Maildir/2018-q3/__MAILBOX__
drwxrws---+ 49 leo leo 4096 Jul 1 09:53 Maildir
drwxrwx---+ 3 leo leo 24 Jul 1 09:40 Maildir/2018-q3
drwxrwx---+ 2 leo staff 6 Jul 1 09:40 Maildir/2018-q3/__MAILBOX__
-> The setgid bit of Maildir is not honored and dovecot complains:
Jul 1 09:40:42 strike postfix-lda: H: /home/leo, S: testerl@strike.wu.ac.at, R: leo@strike.wu.ac.at, umask: 0077, id: uid=500(leo) gid=500(staff) groups=500(staff);
Jul 1 09:40:42 strike dovecot: lda(leo): Error: fchown(/home/leo/Maildir/2018-q3/__MAILBOX__/cur, group=501(leo)) failed: Operation not permitted (egid=500(staff), group based on /home/leo/Maildir/2018-q3 - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
Jul 1 09:40:42 strike dovecot: lda(leo): Error: mkdir(/home/leo/Maildir/2018-q3/__MAILBOX__/cur) failed: Operation not permitted
Jul 1 09:40:42 strike dovecot: lda(leo): Error: sieve: msgid=20180701074042.1B1241CFB78@strike.wu.ac.at: failed to store into mailbox '2018-q3': Internal error occurred. Refer to server log for more information. [2018-07-01 09:40:42]
If I create a mailbox with imap, everything works as expected:
$ ls -ld Maildir/permtest Maildir/permtest/__MAILBOX__
drwxrws---+ 3 leo leo 24 Jul 1 09:51 Maildir/permtest
drwxrws---+ 5 leo leo 108 Jul 1 09:51 Maildir/permtest/__MAILBOX__
mkdir from a shell also works fine.
The problem seems to be connected to the Posix ACLs that are set on Maildir:
$ getfacl Maildir
# file: Maildir
# owner: leo
# group: leo
# flags: -s-
user::rwx
user:bergolth:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:bergolth:rwx
default:group::rwx
default:mask::rwx
default:other::--x
If I remove all Posix ACLs using setfacl -b Maildir, creation of new mailboxes works fine also with dovecot-lda.
Why is dovecot-lda behaving differently if Posix-ACLs are set on Maildir? And why isn't dovecot imap affected?
Any help would be greatly appreciated, I am actually clueless!
Cheers,
--leo
dovecot-2.2.32-1leo.el7.centos.x86_64
dovecot-pigeonhole-2.2.32-1leo.el7.centos.x86_64
postfix-2.10.1-6.el7.x86_64
# uname -r
4.4.138-1.el7.elrepo.x86_64
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
Alexander 'Leo' Bergolth