[Dovecot] Bizarre permissions problem
Help!
I have been using dovecot for some years with great success. A little while ago, I changed my mail server from Fedora to CentOS linux. I reinstalled dovecot, and *almost* everything seems to be working, but one thing. There's *one* user I can't get it to work on without a workaround. The user is "newuser" and the uid is 1111 (actual name and number changed to protect the innocent). The error I get in my maillog is:
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted
Aug 29 16:02:11 localbox dovecot: imap(newuser): Disconnected: Logged out bytes=108/669
Now, it looks to me like dovecot is saying that the user newuser can't get to the /home/newuser/mail/.imap directory because it doesn't have permission. However, the user newuser has all the permissions it needs:
$ ls -la /home/newuser/mail
total 20
drwxrw---- 3 newuser newuser 4096 Aug 29 15:01 .
drwxrw---- 6 newuser newuser 4096 Aug 29 12:16 ..
drwxrwx--- 2 newuser newuser 4096 Aug 29 16:05 .imap
-rw-rw---- 1 newuser newuser  499 Aug 13 07:56 saved-messages
-rw-rw---- 1 newuser newuser 1756 Aug 16 11:15 sent-mail
newuser has the correct uid (1111) in /etc/dovecot/users
newuser *is* the correct uid for that user, i.e.:
$ id -u newuser
1111
the password is correct
Both my web mail package (roundcube) and my android fail. Both work fine with all other accounts that are set up for imap services.
The workaround, it turns out, is that if I make the directory /home/newuser/.imap/INBOX by hand as the user newuser, then things work. So, things seem to be working. However, I just don't understand why *this* user is having problems when none of the others are...
The only thing that sets this user apart from any of the others is that it has administration privileges for the roundcube mailer MySQL database.
Any explanations?
Thanks!
billo
On 8/29/2013 2:17 PM, Bill Oliver wrote:
Help!
The user is "newuser" and the uid is 1111 (actual name and number changed to protect the innocent).
Since you gave a fake UID, and no GID it is hard to tell. When posting, you can change the username, but leave the UID as is. If that number is so critically sensitive, then you should probably not ask your question in a public forum and instead seek assistance via more private communications.
Special UIDs-
Is the actual UID below a threshold so that the system thinks it is a system or admin user, subject to different restrictions? These thresholds vary, but 1000, 500 and 100 are common.
SELinux-
Are you running the SELinux extensions which would impose additional restrictions?
ACLs-
Do you have ACLs (filesystem or Dovecot) that would affect this user differently?
Groups-
You stated that the user is a Roundcube admin. Is the user in the same group as the rest of your normal mail users or a special group for the Roundcube functions?
Do you need to manually add the user to the group for regular mail users?
What are the group settings on your directories?
Could it be the group permissions that are giving access to most users?
Dem
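
An added example, not part of either message in this thread: a small Python parser for the chown error format shown in the first post. It pulls out the group Dovecot tried to set, the path that group was taken from, and the effective gid of the process, which are the values the group questions above turn on. The function names are made up for this example; the log shows only the egid, so supplementary groups still have to be checked with id.

```python
import re

# Log lines taken from the first message in this thread
# (host, user and uid are the poster's placeholders).
SAMPLE_LOG = """\
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Disconnected: Logged out bytes=108/669
"""

# Shape of the chown error exactly as it appears in the log above.
CHOWN_RE = re.compile(
    r"dovecot: (?P<service>\w+)\((?P<user>[^)]+)\): Error: "
    r"chown\((?P<path>[^,]+), (?P<uid>-?\d+), (?P<gid>\d+)\((?P<group>[^)]*)\)\) "
    r"failed: (?P<error>[^(]+?) \(egid=(?P<egid>\d+)\((?P<egroup>[^)]*)\), "
    r"group based on (?P<source>[^)]+)\)"
)

def parse_chown_failures(log_text):
    """Return one dict per distinct chown failure, with the ids as integers."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = CHOWN_RE.search(line)
        if m is None:
            continue  # mkdir and disconnect lines carry no group information
        f = m.groupdict()
        for key in ("uid", "gid", "egid"):
            f[key] = int(f[key])
        # True when the requested group differs from the group the process runs as.
        f["gid_mismatch"] = f["gid"] != f["egid"]
        ident = (f["user"], f["path"], f["gid"], f["egid"])
        if ident not in seen:  # the same error repeats on every retry
            seen.add(ident)
            findings.append(f)
    return findings

def describe(f):
    """One-line summary plus the two commands that show the groups involved."""
    return (
        f"{f['service']}({f['user']}): chown of {f['path']} to group "
        f"{f['gid']}({f['group']}) failed with '{f['error']}'; process egid is "
        f"{f['egid']}({f['egroup']}), group taken from {f['source']}. "
        f"Check: id {f['user']}; ls -ld {f['source']}"
    )

if __name__ == "__main__":
    for finding in parse_chown_failures(SAMPLE_LOG):
        print(describe(finding))
```
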
participants (2): Bill Oliver, Professa Dementia