bug report: lmtp fails on root-squashed NFS filesystem
Hi, all.
I'm trying to set up Postfix with dovecot LMTP delivery on a host where the user files (/var/spool/mail as well as home directories) are on NFS filesystems, which are exported root-squashed to the mail server. I definitely don't want to give the mail server root permissions on the user files.
LMTP delivery fails with this logged message (e.g.):
Nov 16 17:51:36 lust dovecot: lmtp(anne)<16830>
I found this posting where someone else had a similar problem and traced it in some detail back in 2019:
https://dovecot.org/list/dovecot/2019-February/114611.html
but apparently no one answered the fellow.
In order to check that this is indeed the same problem, I temporarily changed the INBOX definition to make it write into /var/tmp/ (on a local filesystem), and delivery worked.
I then temporarily changed the INBOX definition to make it write into an NFS filesystem with root NOT squashed, and again it worked (after I chmodded the directory to 1777 to allow any user to create a file).
I believe that the person who wrote the above posting is correct: at some point, file access is (incorrectly) checked as root instead of as the target user.
This is a bit of a showstopper for me. Any plans to address this?
I attach the output of "dovecot -n", fwiw, but I don't think that this is a configuration problem...
Anne.
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 anne@encs.concordia.ca +1 514 848-2424 x2285
Following up to my own post:
> I'm trying to set up Postfix with dovecot LMTP delivery on a host where the user files (/var/spool/mail as well as home directories) are on NFS filesystems, which are exported root-squashed to the mail server.
> [LMTP delivery fails with "save failed to INBOX: Read-only mbox"]
> I found this posting where someone else had a similar problem and traced it in some detail back in 2019:
> https://dovecot.org/list/dovecot/2019-February/114611.html
> but apparently no one answered the fellow.
However, he was definitely on the right track, that is, file access was (incorrectly) checked as root, using "access()", instead of as the target user, using "euidaccess()".
I patched "src/lib-storage/index/mbox/mbox-storage.c" and "src/lib-storage/index/maildir/maildir-storage.c" to replace calls to "access()" with calls to "euidaccess()", and now mail delivery (to mboxes) works for me. (I can't test maildir yet.)
Could this be considered for a patch to future versions, please?
Anne.
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 anne@encs.concordia.ca +1 514 848-2424 x2285
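The distinction the message above turns on, as an added example that is not part of the thread and not Dovecot code: access() answers for the process's real UID, while euidaccess() (a glibc extension) answers for its effective UID. The sketch assumes Linux with glibc and a writable /tmp; probe_write, run_demo and UID 65534 are names and values chosen here. Started as root it shows the two calls disagreeing on a local 0600 file (real root allowed, effective user denied); on a root-squashed export the disagreement runs the other way, because the server maps UID 0 to the anonymous user.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE              /* euidaccess() is a glibc extension */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int euidaccess(const char *path, int mode);   /* matches glibc's prototype */

struct probe { int real_ok; int eff_ok; };

/* Ask the same question twice: may this path be written? */
static struct probe probe_write(const char *path)
{
    struct probe p;
    p.real_ok = access(path, W_OK) == 0;      /* answered for the real UID/GID */
    p.eff_ok  = euidaccess(path, W_OK) == 0;  /* answered for the effective UID/GID */
    return p;
}

/* Create a 0600 scratch file, drop the effective UID to target_uid when
 * started as root (otherwise leave it alone), then probe the file.
 * Returns 0 on success, -1 if the scratch file or a UID switch failed. */
int run_demo(uid_t target_uid, struct probe *out)
{
    char path[] = "/tmp/access-demo-XXXXXX";  /* constructed scratch path */
    int fd = mkstemp(path);                   /* mode 0600, owned by the caller */
    int rc = 0, switched = 0;

    if (fd < 0)
        return -1;
    close(fd);
    if (geteuid() == 0 && target_uid != 0) {
        if (seteuid(target_uid) != 0) { unlink(path); return -1; }
        switched = 1;
    }
    *out = probe_write(path);
    if (switched && seteuid(0) != 0)          /* saved UID is still 0 */
        rc = -1;
    unlink(path);
    return rc;
}

int main(void)
{
    struct probe p;
    if (run_demo(65534, &p) != 0) { perror("run_demo"); return 1; }
    printf("access(W_OK): %s, euidaccess(W_OK): %s\n",
           p.real_ok ? "allowed" : "denied", p.eff_ok ? "allowed" : "denied");
    return 0;
}
```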
On 23/11/2021 23:47 Anne Bennett anne@encs.concordia.ca wrote:
> Following up to my own post:
> > I'm trying to set up Postfix with dovecot LMTP delivery on a host where the user files (/var/spool/mail as well as home directories) are on NFS filesystems, which are exported root-squashed to the mail server.
> > [LMTP delivery fails with "save failed to INBOX: Read-only mbox"]
> > I found this posting where someone else had a similar problem and traced it in some detail back in 2019:
> > https://dovecot.org/list/dovecot/2019-February/114611.html
> > but apparently no one answered the fellow.
> However, he was definitely on the right track, that is, file access was (incorrectly) checked as root, using "access()", instead of as the target user, using "euidaccess()".
> I patched "src/lib-storage/index/mbox/mbox-storage.c" and "src/lib-storage/index/maildir/maildir-storage.c" to replace calls to "access()" with calls to "euidaccess()", and now mail delivery (to mboxes) works for me. (I can't test maildir yet.)
> Could this be considered for a patch to future versions, please?
> Anne.
> Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 anne@encs.concordia.ca +1 514 848-2424 x2285
Hi Anne!
Would it be possible for you to open a pull request on https://github.com/dovecot/core?
Aki
Hello Aki.
> > I patched "src/lib-storage/index/mbox/mbox-storage.c" and "src/lib-storage/index/maildir/maildir-storage.c" to replace calls to "access()" with calls to "euidaccess()", and now mail delivery (to mboxes) works for me. (I can't test maildir yet.)
> > Could this be considered for a patch to future versions, please?
> Would it be possible for you to open a pull request on https://github.com/dovecot/core?
There was a bit of a learning curve involved, but I believe I've managed to do it. It came out as two pull requests: one for mbox mail folders, which is working fine for me, and one for maildir mail folders, which I have not yet tested, but they are essentially the same changes.
It's not impossible that I've missed some spots, but for now, LMTP delivery and IMAP are working for mailboxes on a root-squashed NFS filesystem. Indexes are on NFS, but not root-squashed, so if changes are required also for them, I've probably missed them.
Thanks for considering my patches!
Anne.
Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 anne@encs.concordia.ca +1 514 848-2424 x2285
On 25/11/2021 01:29 EET Anne Bennett anne@encs.concordia.ca wrote:
> Hello Aki.
> > > I patched "src/lib-storage/index/mbox/mbox-storage.c" and "src/lib-storage/index/maildir/maildir-storage.c" to replace calls to "access()" with calls to "euidaccess()", and now mail delivery (to mboxes) works for me. (I can't test maildir yet.)
> > > Could this be considered for a patch to future versions, please?
> > Would it be possible for you to open a pull request on https://github.com/dovecot/core?
> There was a bit of a learning curve involved, but I believe I've managed to do it. It came out as two pull requests: one for mbox mail folders, which is working fine for me, and one for maildir mail folders, which I have not yet tested, but they are essentially the same changes.
> It's not impossible that I've missed some spots, but for now, LMTP delivery and IMAP are working for mailboxes on a root-squashed NFS filesystem. Indexes are on NFS, but not root-squashed, so if changes are required also for them, I've probably missed them.
> Thanks for considering my patches!
> Anne.
> Ms. Anne Bennett, Senior Sysadmin, ENCS, Concordia University, Montreal H3G 1M8 anne@encs.concordia.ca +1 514 848-2424 x2285
Hi!
This has now been fixed and should be part of 2.4 ce release. Please see https://github.com/dovecot/core/compare/97efaa73b0dff6b96c80e4504abb40d3e5cf...
Aki