[Dovecot] chroot lmtp, then can not open /usr/local/lib/dovecot
I want to chroot lmtp with sieve, but I have a problem: it looks like lmtp cannot load sieve's lib or something. The error message is like this:

dovecot: lmtp(12799): Fatal: opendir(/usr/local/lib/dovecot) failed: No such file or directory

Everything works fine when the lmtp chroot is not configured. Can I configure lmtp to load sieve before the chroot?

Please help, and thank you.

On Sat, 2011-06-04 at 21:48 +0800, johnw wrote:
> I want to chroot lmtp with sieve, but I have a problem: it looks like lmtp cannot load sieve's lib or something. The error message is like this:
>
> dovecot: lmtp(12799): Fatal: opendir(/usr/local/lib/dovecot) failed: No such file or directory
>
> Everything works fine when the lmtp chroot is not configured. Can I configure lmtp to load sieve before the chroot?

Not currently. Or you could put the sieve plugin inside the chroot (and maybe change protocol lmtp { mail_plugins_dir }).

On Mon, 06 Jun 2011 17:46:31 +0300, Timo Sirainen wrote:
> On Sat, 2011-06-04 at 21:48 +0800, johnw wrote:
>> I want to chroot lmtp with sieve, but I have a problem: it looks like lmtp cannot load sieve's lib or something. The error message is like this:
>>
>> dovecot: lmtp(12799): Fatal: opendir(/usr/local/lib/dovecot) failed: No such file or directory
>>
>> Everything works fine when the lmtp chroot is not configured. Can I configure lmtp to load sieve before the chroot?
>
> Not currently. Or you could put the sieve plugin inside the chroot (and maybe change protocol lmtp { mail_plugins_dir }).

After copying the sieve things to chroot_dir and linking the userdb socket to chroot_dir, I see an error like this:

(lmtp) Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user

I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?

Please help, and thank you.

On Mon, 2011-06-06 at 23:20 +0800, johnw wrote:
> (lmtp) Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>
> I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?

protocol !lmtp {
  mail_chroot = /somewhere
}

On 2011-06-06 23:28, Timo Sirainen wrote:
> On Mon, 2011-06-06 at 23:20 +0800, johnw wrote:
>> (lmtp) Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>>
>> I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?
>
> protocol !lmtp {
>   mail_chroot = /somewhere
> }

doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 50: Unknown setting: mail_chroot

On Mon, 2011-06-06 at 23:36 +0800, johnw wrote:
> On 2011-06-06 23:28, Timo Sirainen wrote:
>> On Mon, 2011-06-06 at 23:20 +0800, johnw wrote:
>>> (lmtp) Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>>>
>>> I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?
>>
>> protocol !lmtp {
>>   mail_chroot = /somewhere
>> }
>
> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 50: Unknown setting: mail_chroot

Did you put it inside service lmtp {} or something? That's different from protocol lmtp {}

On 2011-06-06 23:39, Timo Sirainen wrote:
> On Mon, 2011-06-06 at 23:36 +0800, johnw wrote:
>> On 2011-06-06 23:28, Timo Sirainen wrote:
>>> On Mon, 2011-06-06 at 23:20 +0800, johnw wrote:
>>>> (lmtp) Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>>>>
>>>> I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?
>>>
>>> protocol !lmtp {
>>>   mail_chroot = /somewhere
>>> }
>>
>> doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-master.conf line 50: Unknown setting: mail_chroot
>
> Did you put it inside service lmtp {} or something? That's different from protocol lmtp {}

I added it to 20-lmtp.conf, is it correct?

##
## LMTP specific settings
##

# Support proxying to other LMTP/SMTP servers by performing passdb lookups.
#lmtp_proxy = no

# When recipient address includes the detail (e.g. user+detail), try to save
# the mail to the detail mailbox. See also recipient_delimiter and
# lda_mailbox_autocreate settings.
#lmtp_save_to_detail_mailbox = no

protocol lmtp {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve
}

protocol !lmtp {
  mail_chroot = /var/vmail/
}

Then I still see this error in the log: Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user

On Tue, 2011-06-07 at 00:02 +0800, johnw wrote:
>>> I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?
>>
>> protocol !lmtp {
>>   mail_chroot = /somewhere
>> }
>
> I added it to 20-lmtp.conf, is it correct?

It doesn't matter where you add it, as long as the "doveconf -n" output looks correct.

> protocol !lmtp {
>   mail_chroot = /var/vmail/
> }

Looks right.

> Then I still see this error in the log: Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user

Is there another mail_chroot setting elsewhere? The important thing is that when you do:

doveconf mail_chroot

it shows the chroot, but when you do:

doveconf -f protocol=lmtp mail_chroot

the result should be empty.

On 2011-06-07 00:09, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 00:02 +0800, johnw wrote:
>>>> I already configured mail_chroot; should I remove it (mail_chroot)? Is there any how-to document for lmtp chroot?
>>>
>>> protocol !lmtp {
>>>   mail_chroot = /somewhere
>>> }
>>
>> I added it to 20-lmtp.conf, is it correct?
>
> It doesn't matter where you add it, as long as the "doveconf -n" output looks correct.
>
>> protocol !lmtp {
>>   mail_chroot = /var/vmail/
>> }
>
> Looks right.
>
>> Then I still see this error in the log: Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>
> Is there another mail_chroot setting elsewhere? The important thing is that when you do:
>
> doveconf mail_chroot
>
> it shows the chroot, but when you do:
>
> doveconf -f protocol=lmtp mail_chroot
>
> the result should be empty.

When I have mail_chroot = /var/vmail/ in 10-mail.conf, both doveconf mail_chroot and doveconf -f protocol=lmtp mail_chroot give the same result: mail_chroot = /var/vmail/

When I remove mail_chroot = /var/vmail/ from 10-mail.conf, both results are empty: mail_chroot =

I have only one mail_chroot setting in 10-mail.conf, but I also have valid_chroot_dirs = /var/vmail/. Does it matter?

On 6.6.2011, at 19.32, johnw wrote:
>> Is there another mail_chroot setting elsewhere? The important thing is that when you do:
>>
>> doveconf mail_chroot
>>
>> it shows the chroot, but when you do:
>>
>> doveconf -f protocol=lmtp mail_chroot
>>
>> the result should be empty.
>
> When I have mail_chroot = /var/vmail/ in 10-mail.conf, both doveconf mail_chroot and doveconf -f protocol=lmtp mail_chroot give the same result: mail_chroot = /var/vmail/
>
> When I remove mail_chroot = /var/vmail/ from 10-mail.conf, both results are empty: mail_chroot =

Put that mail_chroot setting inside the protocol !lmtp {} section. The settings don't have any hard coded places in the config files. You can put anything anywhere.

> I have only one mail_chroot setting in 10-mail.conf, but I also have valid_chroot_dirs = /var/vmail/. Does it matter?

valid_chroot_dirs is ignored when mail_chroot is set.

On 2011-06-07 00:42, Timo Sirainen wrote:
> On 6.6.2011, at 19.32, johnw wrote:
>>> Is there another mail_chroot setting elsewhere? The important thing is that when you do:
>>>
>>> doveconf mail_chroot
>>>
>>> it shows the chroot, but when you do:
>>>
>>> doveconf -f protocol=lmtp mail_chroot
>>>
>>> the result should be empty.
>>
>> When I have mail_chroot = /var/vmail/ in 10-mail.conf, both doveconf mail_chroot and doveconf -f protocol=lmtp mail_chroot give the same result: mail_chroot = /var/vmail/
>>
>> When I remove mail_chroot = /var/vmail/ from 10-mail.conf, both results are empty: mail_chroot =
>
> Put that mail_chroot setting inside the protocol !lmtp {} section. The settings don't have any hard coded places in the config files. You can put anything anywhere.

Yes, I did it (put the mail_chroot inside the protocol !lmtp { mail_chroot = /var/vmail/ } and no mail_chroot anywhere).

But both doveconf mail_chroot and doveconf -f protocol=lmtp mail_chroot give the same empty result: mail_chroot =

Then I retried adding mail_chroot = /var/vmail/ in (somewhere) 10-mail.conf (I know it can be anywhere), still having protocol !lmtp { mail_chroot = /var/vmail/ }; then both results are the same: mail_chroot = /var/vmail/

I mean the protocol !lmtp { mail_chroot = /var/vmail/ } looks like it is not working.

On 6.6.2011, at 19.59, johnw wrote:
> Yes, I did it (put the mail_chroot inside the protocol !lmtp { mail_chroot = /var/vmail/ } and no mail_chroot anywhere).
>
> But both doveconf mail_chroot and doveconf -f protocol=lmtp mail_chroot give the same empty result: mail_chroot =

Oh, looks like doveconf didn't work exactly as I thought :) Small modification to the test then:

doveconf -f protocol=imap mail_chroot
doveconf -f protocol=lmtp mail_chroot

Now it should show the chroot with imap, but not with lmtp.

On 2011-06-07 02:41, Timo Sirainen wrote:
> On 6.6.2011, at 19.59, johnw wrote:
>> Yes, I did it (put the mail_chroot inside the protocol !lmtp { mail_chroot = /var/vmail/ } and no mail_chroot anywhere).
>>
>> But both doveconf mail_chroot and doveconf -f protocol=lmtp mail_chroot give the same empty result: mail_chroot =
>
> Oh, looks like doveconf didn't work exactly as I thought :) Small modification to the test then:
>
> doveconf -f protocol=imap mail_chroot
> doveconf -f protocol=lmtp mail_chroot
>
> Now it should show the chroot with imap, but not with lmtp.

Yes, like you said:

root@shell:[/etc/dovecot/conf.d]# doveconf -f protocol=imap mail_chroot
mail_chroot = /var/vmail/
root@shell:[/etc/dovecot/conf.d]# doveconf -f protocol=lmtp mail_chroot
mail_chroot =

But I still have the error: Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user

and lmtp cannot deliver mail.

On Tue, 2011-06-07 at 19:19 +0800, johnw wrote:
> Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>
> and lmtp cannot deliver mail.

This'll fix it: http://hg.dovecot.org/dovecot-2.0/rev/ed05316ed441

Also remove the protocol !lmtp {} around mail_chroot. Looks like I already had code that was supposed to handle it, but I had forgotten about it and I had never tested it.

On 2011-06-07 21:13, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 19:19 +0800, johnw wrote:
>> Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>>
>> and lmtp cannot deliver mail.
>
> This'll fix it: http://hg.dovecot.org/dovecot-2.0/rev/ed05316ed441
>
> Also remove the protocol !lmtp {} around mail_chroot. Looks like I already had code that was supposed to handle it, but I had forgotten about it and I had never tested it.

After applying the patch to 2.0.13 and removing the protocol !lmtp {}, the error is like this:

Couldn't drop privileges: Process is already chrooted to /var/vmail, can't chroot to /var/vmail/

and lmtp still cannot deliver mail.

On Tue, 2011-06-07 at 22:02 +0800, johnw wrote:
> On 2011-06-07 21:13, Timo Sirainen wrote:
>> On Tue, 2011-06-07 at 19:19 +0800, johnw wrote:
>>> Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>>>
>>> and lmtp cannot deliver mail.
>>
>> This'll fix it: http://hg.dovecot.org/dovecot-2.0/rev/ed05316ed441
>>
>> Also remove the protocol !lmtp {} around mail_chroot. Looks like I already had code that was supposed to handle it, but I had forgotten about it and I had never tested it.
>
> After applying the patch to 2.0.13 and removing the protocol !lmtp {}, the error is like this:
>
> Couldn't drop privileges: Process is already chrooted to /var/vmail, can't chroot to /var/vmail/
>
> and lmtp still cannot deliver mail.

The trick is to make the strings equal :) mail_chroot = /var/mail without the trailing /.

On 2011-06-07 22:15, Timo Sirainen wrote:
> On Tue, 2011-06-07 at 22:02 +0800, johnw wrote:
>> On 2011-06-07 21:13, Timo Sirainen wrote:
>>> On Tue, 2011-06-07 at 19:19 +0800, johnw wrote:
>>>> Couldn't drop privileges: Process is already chrooted, can't un-chroot for this user
>>>>
>>>> and lmtp cannot deliver mail.
>>>
>>> This'll fix it: http://hg.dovecot.org/dovecot-2.0/rev/ed05316ed441
>>>
>>> Also remove the protocol !lmtp {} around mail_chroot. Looks like I already had code that was supposed to handle it, but I had forgotten about it and I had never tested it.
>>
>> After applying the patch to 2.0.13 and removing the protocol !lmtp {}, the error is like this:
>>
>> Couldn't drop privileges: Process is already chrooted to /var/vmail, can't chroot to /var/vmail/
>>
>> and lmtp still cannot deliver mail.
>
> The trick is to make the strings equal :) mail_chroot = /var/mail without the trailing /.

OK, I changed mail_chroot = /var/vmail/ to mail_chroot = /var/vmail; now lmtp can deliver mail with chroot.

Thank you.
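
A preflight check for the two failures seen in this thread (the plugin directory missing inside the chroot, and mail_chroot not being string-equal to the chroot the lmtp process already runs in), as an added example that is not part of the original thread or of Dovecot. The function names and sample paths are assumptions; feed it the line printed by `doveconf -f protocol=lmtp mail_chroot` and the chroot path you configured for lmtp.

```shell
#!/bin/sh
# Added example: preflight checks for a chrooted lmtp service.
# Function names and the demo values are assumptions, not Dovecot code.

# Extract the value from a "key = value" line as printed by doveconf.
conf_value() {
    case $1 in
        *"= "*) printf '%s\n' "${1#*= }" ;;
        *)      printf '\n' ;;              # "mail_chroot =" means unset
    esac
}

# Drop trailing slashes (keeping a bare "/"), for comparison only.
strip_slashes() {
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do p=${p%/}; done
    printf '%s\n' "$p"
}

# Compare the lmtp process chroot ($1) with mail_chroot ($2). The thread's
# fix requires the two strings to be equal, so a path that differs only by
# a trailing slash is reported separately from a genuinely different one.
classify_chroot_pair() {
    if [ "$1" = "$2" ]; then
        echo equal
    elif [ -n "$2" ] && [ "$(strip_slashes "$1")" = "$(strip_slashes "$2")" ]; then
        echo trailing-slash
    else
        echo different
    fi
}

# After chroot, plugin paths resolve under the new root, so the plugin
# directory ($2) must exist at <chroot><plugin_dir> on the real filesystem.
plugin_dir_in_chroot() {
    [ -d "$(strip_slashes "$1")$2" ]
}

# Demo with constructed values modelled on the output quoted in the thread.
demo() {
    mc=$(conf_value "mail_chroot = /var/vmail/")
    echo "chroot=/var/vmail mail_chroot=$mc -> $(classify_chroot_pair /var/vmail "$mc")"
}
demo
```

A result of `trailing-slash` corresponds to the last error in the thread; `different` covers an empty or unrelated mail_chroot.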

participants (2)
- johnw
- Timo Sirainen