Problem with Pigeonhole/Sieve
Hi,
I am trying to configure Pigeonhole to get filters in RoundCube working. Unfortunately I am getting following error in DoveCot log instead:
May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<getpwuid() error>) egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<unknown>) egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill) May 01 14:36:36 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<getpwuid() error>) egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 14:36:36 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<unknown>) egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 15:17:08 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<getpwuid() error>) egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 15:17:08 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<unknown>) egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)
Above appears in log, when I am trying to access filters configuration in RC or manually connecting to sieve using telnet.
My DoveCot configuration:
# 2.2.27 (c0f36b0): /usr/local/dovecot/etc/dovecot/dovecot.conf # Pigeonhole version 0.4.15 (97b3da0) # OS: Linux 4.4.38 x86_64 Slackware 14.2 ext4 debug_log_path = /var/log/dovecot/dovecot-debug.log first_valid_gid = 12 first_valid_uid = 8 info_log_path = /var/log/dovecot/dovecot-info.log last_valid_gid = 12 last_valid_uid = 8 listen = *, [::] log_path = /var/log/dovecot/dovecot.log mail_location = maildir:/var/mail/%d/%n managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocols = imap pop3 sieve service auth { user = dovecot } service imap-login { user = dovecot } service pop3-login { user = dovecot } ssl_cert = </etc/letsencrypt/live/domain/fullchain.pem ssl_cipher_list = ALL:!ADH:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL:+HIGH:+MEDIUM ssl_key = # hidden, use -P to show it userdb { driver = prefetch } verbose_proctitle = yes protocol pop3 { pop3_uidl_format = %08Xu%08Xv }
What could be a reason of that?
-- skype. kamil.kapturkiewicz tel/whatsapp. +44 758 306 8467
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 1 May 2017, Kamil Kapturkiewicz wrote:
Unfortunately I am getting following error in DoveCot log instead:
May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<getpwuid() error>) egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<unknown>) egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)
this error is pretty clear:
Directory "/" cannot be accessed by user 248:248
looks like a chroot'ed environment? Anyway, either:
- the accessing user ID of 248:248 is wrong,
- the owning user 0:202 is wrong or
- the access permissions should include "chmod o+x /"
May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill)
This shouldn't happen.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWQg/rXz1H7kL/d9rAQL9Lwf5AUZX8VE4XX7b5hWWm7CkfcHJCnCuJy37 Hfw598Z+dljSAQ8Ki38vRtIKSSN7jVxOqiMPLKLh3+FcVVqOor/tbybDbV8rzhb5 u/+vynfvLENtwiEQAQ+4JjGOKQYX8rCU+Vz9Ft2my9ZR4qeUru4bxtduX/NI/GeZ YBnhQHZdX/2iAhW8MLX19aPEm7a82qBwdzv5BeQ3iFq56woYOFj+6peC710aY6uM 6wyURGoO3lvfaTnl4D1n3M6Nw7IuImHVtU1fLnUh8y+Z2Nv5cArxTWOpQFjzsVTS 3dDNchnDXym2xpjYM2IA/GGKAyYdbwSLTyvWGiEq8LtQQhAnnY425w== =sg2z -----END PGP SIGNATURE-----
Hi Steffen,
248 is a dovecot, 202 is dovenull, both users are in theirs groups across. If I change ownership of /usr/local/dovecot to dovecot.dovecot, then dovecot is correcting it to root.root for some reason. Does it mean that dovecot should be running as root only?
What does it mean / here? is it / in filesystem or it is / for dovecot in /usr/local/dovecot ?
May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill) this was caused by restarting of Dovecot.
On 02/05/17 09:13, Steffen Kaiser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 1 May 2017, Kamil Kapturkiewicz wrote:
Unfortunately I am getting following error in DoveCot log instead:
May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<getpwuid() error>) egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<unknown>) egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)
this error is pretty clear:
Directory "/" cannot be accessed by user 248:248
looks like a chroot'ed environment? Anyway, either:
- the accessing user ID of 248:248 is wrong,
- the owning user 0:202 is wrong or
- the access permissions should include "chmod o+x /"
May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill)
This shouldn't happen.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWQg/rXz1H7kL/d9rAQL9Lwf5AUZX8VE4XX7b5hWWm7CkfcHJCnCuJy37 Hfw598Z+dljSAQ8Ki38vRtIKSSN7jVxOqiMPLKLh3+FcVVqOor/tbybDbV8rzhb5 u/+vynfvLENtwiEQAQ+4JjGOKQYX8rCU+Vz9Ft2my9ZR4qeUru4bxtduX/NI/GeZ YBnhQHZdX/2iAhW8MLX19aPEm7a82qBwdzv5BeQ3iFq56woYOFj+6peC710aY6uM 6wyURGoO3lvfaTnl4D1n3M6Nw7IuImHVtU1fLnUh8y+Z2Nv5cArxTWOpQFjzsVTS 3dDNchnDXym2xpjYM2IA/GGKAyYdbwSLTyvWGiEq8LtQQhAnnY425w== =sg2z -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 2 May 2017, Kamil Kapturkiewicz wrote:
248 is a dovecot, 202 is dovenull, both users are in theirs groups across. If I change ownership of /usr/local/dovecot to dovecot.dovecot, then dovecot is correcting it to root.root for some reason. Does it mean that dovecot should be running as root only?
you do not seem to run a root-less system, see https://wiki.dovecot.org/HowTo/Rootless (I never tried it).
What does it mean / here? is it / in filesystem or it is / for dovecot in /usr/local/dovecot ?
I suppose "/" refers to the login subdir in your base_dir drwxr-x--- 2 root dovenull 4096 Sep 10 2016 /var/run/dovecot2.2/login//
The login processes seem to chroot there. This dir would match the permissions described in the error message and your info that 202 is dovenull.
In fact, the login processes are to run as another user (dovenull), if you do not run without root at all, in order to increase security by separated privilege levels. I would drop the "user = dovecot" lines.
I guess, you need to rephrase the subject in order to catch the attention of somebody else. But, what's your intention?
May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill) this was caused by restarting of Dovecot.
I thought the "reload" message reads something different.
On 02/05/17 09:13, Steffen Kaiser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 1 May 2017, Kamil Kapturkiewicz wrote:
Unfortunately I am getting following error in DoveCot log instead:
May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<getpwuid() error>) egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750) May 01 14:35:41 managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=248(<unknown>) egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned by 0:202 mode=0750)
this error is pretty clear:
Directory "/" cannot be accessed by user 248:248
looks like a chroot'ed environment? Anyway, either:
- the accessing user ID of 248:248 is wrong,
- the owning user 0:202 is wrong or
- the access permissions should include "chmod o+x /"
May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 code=kill)
This shouldn't happen.
- -- Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWQg/rXz1H7kL/d9rAQL9Lwf5AUZX8VE4XX7b5hWWm7CkfcHJCnCuJy37 Hfw598Z+dljSAQ8Ki38vRtIKSSN7jVxOqiMPLKLh3+FcVVqOor/tbybDbV8rzhb5 u/+vynfvLENtwiEQAQ+4JjGOKQYX8rCU+Vz9Ft2my9ZR4qeUru4bxtduX/NI/GeZ YBnhQHZdX/2iAhW8MLX19aPEm7a82qBwdzv5BeQ3iFq56woYOFj+6peC710aY6uM 6wyURGoO3lvfaTnl4D1n3M6Nw7IuImHVtU1fLnUh8y+Z2Nv5cArxTWOpQFjzsVTS 3dDNchnDXym2xpjYM2IA/GGKAyYdbwSLTyvWGiEq8LtQQhAnnY425w== =sg2z -----END PGP SIGNATURE-----
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWQlswHz1H7kL/d9rAQIOQQf/W4/PrWAikuEA0nfyaHU+pZNK+HpJFKkw mz02uCG5mUDw5CaidmgMU2B7z67nw3pa2nSZYpUOdiPwhrS2alAxIV8UtNUFBuog SYotBvnJmD62NsIeKJ5VQna9lGAB41zEPI5bekzvLWTfo0oic7EmiVIHvYLpBQwb 80PwAaN5hPMZrPwq+1w3EJvOr7jckIwxxlDeQcawHprY2Hq4H8SSmDFgGN+1KwQ0 nW3YqIBrfaYprfRBXz2wgGICuYuF5t5WLShBYR14WybrSrIxW0Yjt+wz8lRP/IlP OhAqUj+6yU/11ILEUasjVrryZQkLDD6YtpgbDeuF0Rpi3Z11WSTC3g== =tBJC -----END PGP SIGNATURE-----
participants (2)
-
Kamil Kapturkiewicz
-
Steffen Kaiser