Permissions problem with mdbox maildir
Hi! Apologies if this has come up before, or if this is a duplicate posting (I tried posting before but I think it got lost). Anyways, I'm trying to set up an IMAP server with dovecot, and everything seems to be more or less working except that I periodically see error messages like this in my logs:
Feb 18 01:01:15 stark dovecot: lmtp(31956, root@aleme.nu): Error: link(/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index, /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp) failed: Operation not permitted
I'm assuming it's a permissions problem with my maildir, but I can't figure out what the relevant process is in order to fix it. The maildir is owned by vmail with permissions set to 700; here is the output of dovecot -n:
# 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 fuse.encfs mail_gid = vmail mail_location = mdbox:/var/decrypted/vmail/%d/%n mail_uid = vmail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { args = /etc/dovecot/dovecot-sql.conf.ext driver = sql } plugin { antispam_allow_append_to_spam = no antispam_dspam_args = --user;root;deliver=;--source=error;--client antispam_spam = Junk antispam_trash = Trash sieve = ~/.dovecot.sieve sieve_before = /var/lib/dovecot/sieve/before sieve_dir = ~/sieve sieve_global_dir = /var/lib/dovecot/sieve/global } protocols = " imap lmtp sieve" service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } } service imap-login { inet_listener imaps { port = 993 ssl = yes } service_count = 1 } service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } user = vmail } ... <ssl stuff> ... userdb { args = uid=vmail gid=vmail home=/var/vmail/%d/%n driver = static } protocol lmtp { mail_plugins = " sieve" } protocol imap { mail_plugins = " antispam" }
As you can see, I'm keeping the maildir on an encfs-encrypted volume, in case that's relevant. Please let me know any ideas for why this might be happening. Thanks in advance!
Emanuel
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Wed, 18 Feb 2015, Emanuel Evans wrote:
Hi! Apologies if this has come up before, or if this is a duplicate posting (I tried posting before but I think it got lost). Anyways, I'm trying to set up an IMAP server with dovecot, and everything seems to be more or less working except that I periodically see error messages like this in my logs:
Feb 18 01:01:15 stark dovecot: lmtp(31956, root@aleme.nu): Error: link(/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index, /var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp) failed: Operation not permitted
I'm assuming it's a permissions problem with my maildir, but I can't figure out what the relevant process is in order to fix it. The maildir is owned by vmail with permissions set to 700; here is the output of dovecot -n:
# 2.1.7: /etc/dovecot/dovecot.conf # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.8 fuse.encfs
userdb { args = uid=vmail gid=vmail home=/var/vmail/%d/%n driver = static }
As you can see, I'm keeping the maildir on an encfs-encrypted volume, in case that's relevant. Please let me know any ideas for why this might be happening. Thanks in advance!
Could you try what happens, if you create the hardlink manually as the vmail user _two_ times, if the first link() succeeds. Maybe:
- hard links won't work on your encfs,
- link() fails with "Operation not permitted" instead of "File exists" in your case, if the target file already exists.
Something like: sudo -u vmail ln
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVOWOwHz1H7kL/d9rAQKT/wf/VceDCyJ+R2e4lo8ZKuAg7uIKrembrtEE D73wzQcqiAkmzUXf9IbjmpUGRgwFISN3C9vrImpWbBjYad+WdV4joTB0ECCKSYN/ IdFNlZ+GG87w8Wc/3e7aLInsp83fX4COvnwih2PRs7qGAJVn4MSnaCA5ClU3quFB s7CY2oj92x1kr/kOBidw/tLeKdhscP9u8k/Ih77oQaHyN45Lwa4jIcJRNvK4/o9u UEW74QZsC3Fs9MZttsJlsHgtNtUtv2P3AjkpZ1Dwzghu66sX3T1n3RFOKNIMhNe5 mtiOP67UtR6JV2/9YvTrOrjYn1wR/zrqJe/TSKyXttpV21ljI6H87Q== =DOx5 -----END PGP SIGNATURE-----
Steffen Kaiser skdovecot@smail.inf.fh-brs.de writes:
Could you try what happens, if you create the hardlink manually as the vmail user _two_ times, if the first link() succeeds. Maybe:
- hard links won't work on your encfs,
- link() fails with "Operation not permitted" instead of "File exists" in your case, if the target file already exists.
Something like: sudo -u vmail ln
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmp
It turns out (1) was the problem—encfs doesn't allow hard links in my configuration. I've set maildir_copy_with_hardlinks to no; hopefully that will resolve the issue. Thanks so much for your help!
Emanuel Evans emanuel.evans@gmail.com writes:
Steffen Kaiser skdovecot@smail.inf.fh-brs.de writes:
Could you try what happens, if you create the hardlink manually as the vmail user _two_ times, if the first link() succeeds. Maybe:
- hard links won't work on your encfs,
- link() fails with "Operation not permitted" instead of "File exists" in your case, if the target file already exists.
Something like: sudo -u vmail ln
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmpIt turns out (1) was the problem—encfs doesn't allow hard links in my configuration. I've set maildir_copy_with_hardlinks to no; hopefully that will resolve the issue. Thanks so much for your help!
Unfortunately, even with maildir_copy_with_hardlinks set to "no", the problem still seems to persist. So my question becomes: is there a way to prevent dovecot from using hardlinks in all circumstances? (If it isn't possible, I can change my encfs setup.)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 23 Feb 2015, Emanuel Evans wrote:
Emanuel Evans emanuel.evans@gmail.com writes:
Steffen Kaiser skdovecot@smail.inf.fh-brs.de writes:
Could you try what happens, if you create the hardlink manually as the vmail user _two_ times, if the first link() succeeds. Maybe:
- hard links won't work on your encfs,
- link() fails with "Operation not permitted" instead of "File exists" in your case, if the target file already exists.
Something like: sudo -u vmail ln
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index
/var/decrypted/vmail/aleme.nu/root/mailboxes/INBOX/dbox-Mails/dovecot.index.backup.tmpIt turns out (1) was the problem—encfs doesn't allow hard links in my configuration. I've set maildir_copy_with_hardlinks to no; hopefully that will resolve the issue. Thanks so much for your help!
Unfortunately, even with maildir_copy_with_hardlinks set to "no", the problem still seems to persist. So my question becomes: is there a way to prevent dovecot from using hardlinks in all circumstances? (If it
I don't think so.
isn't possible, I can change my encfs setup.)
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVOwjOnz1H7kL/d9rAQILcQgAxA6L0gs2cPeYYrW0th8BVsU6GWs7NweS BkhZgawrAvgTxTFDna4hjG0CM57aWlDxvcGzHuVLg5Q35TijGJl+UY6OHY78v8dI dw+l2H2VQjtt2qw2tlStes2XHW3eCM+PWVz9KRYKfIZoof53kwpn16sGlDE9kde8 J5ndgXYl4ACiNZHxkjumTgX/jNg0NMADWGQZUZoPU9KEUS2MPnKC08M0BWvryiQV auOFK1ZVrrL3R9JKQ85E9yYYBfIWRFx/uY+vi7WZWlgPieaqsC3cxBYRriTVoW13 j1GflBwg6mwM0xF7kJ2iywLQzQHjCxnsrpqU+6X+sW7dfIhI5JNDhA== =txun -----END PGP SIGNATURE-----
participants (2)
-
Emanuel Evans
-
Steffen Kaiser