[Dovecot] Dovecot shared mailbox folder problem
Hello,
I've set up a namespace to share some mailboxes.
When I try to select them, I get an internal error:
Client-server chat:
* OK Dovecot ready.
1 login dvtest2 x
1 OK Logged in.
2 list "" *
* LIST (\HasNoChildren) "." "Trash"
* LIST (\HasChildren) "." "test"
* LIST (\HasNoChildren) "." "INBOX"
* LIST (\HasNoChildren) "." "test.test2"
* LIST (\Noselect \HasChildren) "." "Shared"
* LIST (\HasNoChildren) "." "Shared.testAccess"
* LIST (\HasNoChildren) "." "Shared.testNOaccess"
2 OK List completed.
3 select "Shared.testAccess"
3 NO Internal error occurred. Refer to server log for more information. [2007-07-04 16:45:31]
dovecot: Jul 04 16:45:31 Error: IMAP(dvtest2) [3512]: stat(/mnt/mailcache/shared/.testAccess/cur) failed: Permission denied
l /mnt/mailcache/shared/.testAccess -n
total 24
drwxrws---  5 31045 30005 4096 2007-07-04 15:53 ./
drwxr-xr-x  6     0     0 4096 2007-07-04 16:08 ../
drwxrwsr-x  2 31045 30005 4096 2007-06-21 12:19 cur/
-rw-r--r--  1 31045 30005   17 2007-07-04 15:38 dovecot-acl
-rw-rw----  1 31045 30005    0 2007-07-04 15:53 dovecot-shared
drwxrws---  2 31045 30005 4096 2007-06-21 13:57 new/
drwxrws---  2 31045 30005 4096 2007-06-21 13:57 tmp/
I added chmod o+rx for testing purpose, just in case.
stracing the situation results in:
gettimeofday({1183560101, 339756}, {4294967176, 0}) = 0
read(0, "3 select \"Shared.testAccess\"\r\n", 3978) = 30
setsockopt(1, SOL_TCP, TCP_CORK, [1], 4) = 0
stat64("/mnt/mailcache/shared/.testAccess", {st_mode=S_IFDIR|S_ISGID|0770, st_size=4096, ...}) = 0
stat64("/mnt/mailcache/shared/.testAccess/cur", 0xbf8cb470) = -1 EACCES (Permission denied)
write(2, "\1Estat(/mnt/mailcache/shared/.te"..., 72) = 72
stat64("/etc/localtime", {st_mode=S_IFREG|0644, st_size=837, ...}) = 0
write(1, "3 NO Internal error occurred. Re"..., 95) = 95
setsockopt(1, SOL_TCP, TCP_CORK, [0], 4) = 0
gettimeofday({1183560101, 341458}, NULL) = 0
What am I doing wrong?
# 1.0.1: /usr/local/dovecot/etc/dovecot.conf
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot/dovecot.log
protocols: imap imaps pop3 pop3s
ssl_ca_file: /etc/ssl/certs/ca.crt
ssl_cert_file(default): /etc/ssl/certs/imap.pem
ssl_cert_file(imap): /etc/ssl/certs/imap.pem
ssl_cert_file(pop3): /etc/ssl/certs/pop3.pem
ssl_key_file(default): /etc/ssl/private/imap.key
ssl_key_file(imap): /etc/ssl/private/imap.key
ssl_key_file(pop3): /etc/ssl/private/pop3.key
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot//login
login_executable(default): /usr/local/dovecot/libexec/dovecot/imap-login
login_executable(imap): /usr/local/dovecot/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/dovecot/libexec/dovecot/pop3-login
login_log_format_elements: %p: user=<%u> method=%m rip=%r lip=%l %c
verbose_proctitle: yes
first_valid_uid: 1000
mail_location: maildir:%h/MailDir:CONTROL=/var/cache/dovecot/%i/control:INDEX=/var/cache/dovecot/%i/index
mail_debug: yes
dotlock_use_excl: yes
maildir_copy_with_hardlinks: yes
maildir_copy_preserve_filename: yes
umask: 7
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/local/dovecot-1.0.1/libexec/dovecot/rawlog /usr/local/dovecot-1.0.1/libexec/dovecot/imap
mail_executable(imap): /usr/local/dovecot-1.0.1/libexec/dovecot/rawlog /usr/local/dovecot-1.0.1/libexec/dovecot/imap
mail_executable(pop3): /usr/local/dovecot/libexec/dovecot/pop3
mail_plugins(default): quota imap_quota mail_log zlib acl
mail_plugins(imap): quota imap_quota mail_log zlib acl
mail_plugins(pop3): quota mail_log
mail_plugin_dir(default): /usr/local/dovecot/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/dovecot/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/dovecot/lib/dovecot/pop3
mail_log_prefix: %Us(%u) [%p]:
mail_log_max_lines_per_sec: 0
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %u
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): oe-ns-eoh
namespace:
  type: private
  separator: .
  inbox: yes
  hidden: yes
namespace:
  type: public
  separator: .
  prefix: Shared.
  location: /mnt/mailcache/shared:CONTROL=/var/cache/dovecot/%i/sek/control:INDEX=/var/cache/dovecot/%i/sek/index
auth default:
  mechanisms: plain login
  cache_size: 10
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890
  verbose: yes
  debug: yes
  passdb:
    driver: ldap
    args: /usr/local/dovecot-1.0.1/etc/dovecot-ldap.conf
  userdb:
    driver: ldap
    args: /usr/local/dovecot-1.0.1/etc/dovecot-ldap.conf
  userdb:
    driver: passwd-file
    args: /etc/passwd
  socket:
    type: listen
    master:
      path: /var/run/dovecot/auth-master
      mode: 432
      group: mail
plugin:
  quota: fs
Bye,
Steffen Kaiser
On Wed, 4 Jul 2007, Steffen Kaiser wrote:
Hmm, it would possibly be interesting to know who is who ;-)
id dvtest2
uid=31022(dvtest2) gid=102(Debian-exim) groups=102(Debian-exim),30005(dvtestgrp)
The filesystem is a local, plain ext3 in Linux.
The permissions of both directories are the same, aren't they? Why does the 2nd stat() fail, but the 1st one succeed?
Bye,
Steffen Kaiser
On Wed, 4 Jul 2007, Steffen Kaiser wrote:
Hello,
after adding plenty of i_info()'s into:
./src/lib/restrict-access.c ./src/imap/main.c ./src/master/mail-process.c
I found out what the basic problem is, although not why the access to Maildir was successful - it should have been denied, too.
OK, attached there are these files:
- logging_only.log, a logfile with added logging only.
- setRESTRICT_USERfromUSER.log: a logfile, where in src/imap/main.c the missing env var RESTRICT_USER is set from the env var USER.
- the patch I used to do the logging and the change.
- the dovecot -n output.
The problem is that there is _no_ single call to restrict_access_set_env() with the user argument set, hence the env var RESTRICT_USER is never set, but the only call to initgroups() in ./src/lib/restrict-access.c is invoked only if RESTRICT_USER is present. Effectively: no secondary groups of the user are ever added to the process.
In my situation:
id dvtest3
uid=30004(dvtest3) gid=30006(dvtest3) groups=30006(dvtest3),30004(spamd)
ls -aln ~dvtest3/Maildir/
drwxrwx--- 6 31045 30004 4096 2007-07-06 08:34 ./
drwxrwx--- 2 31045 30004 4096 2007-07-06 08:28 cur/
The access to Maildir/cur fails, because the secondary group 30004 is never added to the process. Surprisingly stat(Maildir) succeeds.
I experimented with the "drop_priv_before_exec" and "add_extra_groups" settings to see if they make any difference, but found none.
Maybe the problem is the 1st call to restrict_access_set_env():
dovecot: Jul 06 10:48:00 Info: ska: restrict_access_set_env(): user =
The user parameter is empty, but not NULL. I added some more logging; the uid/gid is 30004/30006, i.e. the data of dvtest3. Maybe the problem is that in create_mail_process() when doing:
/* setup environment - set the most important environment first
   (paranoia about filling up environment without noticing) */
restrict_access_set_env(system_user, uid, gid, chroot_dir,
                        set->first_valid_gid, set->last_valid_gid,
                        set->mail_extra_groups);
system_user is not set.
This is true for both local and LDAP users.
Bye,
Steffen Kaiser
On Fri, 6 Jul 2007, Steffen Kaiser wrote:
I default system_user to user, it seems to work. See attached patch.
dovecot: Jul 06 11:59:15 Info: IMAP(dvtest3) [23684]: Effective groups: primary=30006 secondary=8,30004,30006
However, is it correct?
Bye,
Steffen Kaiser
On Fri, 2007-07-06 at 11:29 +0200, Steffen Kaiser wrote:
It should be set if you use userdb passwd. For other userdbs you need to return it yourself. For example with LDAP:
user_attrs = uid=system_user,..etc..
What about the other part of the patch, is it needed if system_user is set?
On Thu, 9 Aug 2007, Timo Sirainen wrote:
Hmm, that's a bummer! It works with this setting.
I had a uid=user setting in the LDAP config (copied from passdb, I guess), but no definition of system_user, because I implied this - my users are real users, hence I didn't assume that I need another setting. From the Wiki:
http://wiki.dovecot.org/UserDatabase
"uid: User's UID (UNIX user ID)"
I sort of implied from this text, that uid is what Dovecot calls system_user, which I thought useful for virtual users only.
What about the other part of the patch, is it needed if system_user is set?
It just displays the groups of the process for debugging purposes.
Bye,
Steffen Kaiser
On 05-07-2007 16:43, Timo Sirainen wrote:
To me it seems that it is group executable as it, at least on my linux systems, is shown as S when the directory is setgid but not group executable.
Excerpt from a test case on my ubuntu desktop, notice the missing x on cur and the S on cur in the latter listing. Also note that this differs from Steffen Kaiser's listing, where both directories have a lower case s.
However he might use another version of ls which fails to show this difference?
--
Best regards,
Christian
On Thu, 5 Jul 2007, Timo Sirainen wrote:
Linux' ls uses a capital S, if the executable permission is missing.
'.' has 02770 permissions.
That's really strange.
Bye.
Steffen Kaiser
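Two puzzles run through the thread: Steffen's observation that stat() on the shared directory succeeds while stat() on its cur/ subdirectory fails once the imap process lacks the user's supplementary group, and Christian's point about lowercase s versus uppercase S in ls output. Both come down to plain POSIX rules, so here is an added example that models them. It is editor-written illustration code, not Dovecot code and not from any participant: it parses and renders ls mode strings, and walks a path the way the kernel's lookup does (search permission is required on the root and on every directory traversed, but the final component's own mode is never consulted), using the owners, groups and modes from the `l -n` listing and the `id dvtest2` output above. The `/`, `/mnt` and `/mnt/mailcache` entries are assumed to be 0755 root-owned directories, and ACLs, capabilities and root overrides are deliberately left out.

```python
# Added example (not Dovecot code): POSIX owner/group/other checks only, no ACLs or capabilities.
from dataclasses import dataclass

R, W, X = 4, 2, 1
SETUID, SETGID, STICKY = 0o4000, 0o2000, 0o1000


def parse_ls_mode(mode: str) -> int:
    """10-char `ls -l` mode string -> numeric bits.

    In an execute slot, lowercase 's'/'t' = special bit AND execute set;
    uppercase 'S'/'T' = special bit set, execute NOT set (Christian's point):
    'drwxrws---' is 02770, 'drwxrwS---' is 02760.
    """
    if len(mode) != 10:
        raise ValueError("expected a 10-character ls mode string")
    special_at = {2: SETUID, 5: SETGID, 8: STICKY}  # indices in the 9 permission chars
    bits = 0
    for i, ch in enumerate(mode[1:]):
        perm_bit = 1 << (8 - i)                      # 0o400 down to 0o001
        if ch == "-":
            continue
        if i in special_at and ch in "sStT":
            bits |= special_at[i]
            if ch.islower():
                bits |= perm_bit
        elif ch in "rwx":
            bits |= perm_bit
        else:
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return bits


def render_ls_mode(mode: int, is_dir: bool = True) -> str:
    """Inverse of parse_ls_mode, rendering the way GNU ls does."""
    out = ["d" if is_dir else "-"]
    for shift, special in ((6, SETUID), (3, SETGID), (0, STICKY)):
        triple = (mode >> shift) & 7
        out += ["r" if triple & R else "-", "w" if triple & W else "-"]
        if mode & special:
            letter = "t" if special == STICKY else "s"
            out.append(letter if triple & X else letter.upper())
        else:
            out.append("x" if triple & X else "-")
    return "".join(out)


@dataclass(frozen=True)
class Inode:
    mode: int
    uid: int
    gid: int


@dataclass(frozen=True)
class Creds:
    uid: int
    gid: int              # primary group
    groups: frozenset     # supplementary groups; empty if initgroups() never ran


def permitted(inode: Inode, creds: Creds, want: int) -> bool:
    """Owner/group/other class selection; the group class includes supplementary groups."""
    if inode.uid == creds.uid:
        triple = (inode.mode >> 6) & 7
    elif inode.gid == creds.gid or inode.gid in creds.groups:
        triple = (inode.mode >> 3) & 7
    else:
        triple = inode.mode & 7
    return triple & want == want


def stat_path(fs: dict, path: str, creds: Creds) -> str:
    """'OK', 'EACCES' or 'ENOENT' for stat(path): lookup needs search (X) on the root
    and every intermediate directory, but never consults the final component's mode."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts)):                      # directories traversed; target excluded
        d = "/" + "/".join(parts[:i])
        if d not in fs:
            return "ENOENT"
        if not permitted(fs[d], creds, X):
            return "EACCES"
    return "OK" if "/" + "/".join(parts) in fs else "ENOENT"


def build_thread_fs() -> dict:
    """Owners, groups and modes from the `l -n` listing in the thread; `/`, `/mnt` and
    `/mnt/mailcache` are constructed here as root-owned 0755 (the thread does not show them)."""
    root_dir = Inode(0o755, 0, 0)
    base = "/mnt/mailcache/shared"
    return {
        "/": root_dir, "/mnt": root_dir, "/mnt/mailcache": root_dir,
        base: Inode(parse_ls_mode("drwxr-xr-x"), 0, 0),
        base + "/.testAccess": Inode(parse_ls_mode("drwxrws---"), 31045, 30005),
        base + "/.testAccess/cur": Inode(parse_ls_mode("drwxrwsr-x"), 31045, 30005),
    }


def run_scenario() -> dict:
    """imap process as dvtest2 (uid 31022, gid 102) without and with its supplementary groups."""
    fs = build_thread_fs()
    box = "/mnt/mailcache/shared/.testAccess"
    no_initgroups = Creds(31022, 102, frozenset())               # what the kernel actually saw
    with_initgroups = Creds(31022, 102, frozenset({102, 30005}))  # what `id dvtest2` shows
    return {
        "dir_no_groups": stat_path(fs, box, no_initgroups),
        "cur_no_groups": stat_path(fs, box + "/cur", no_initgroups),
        "dir_with_groups": stat_path(fs, box, with_initgroups),
        "cur_with_groups": stat_path(fs, box + "/cur", with_initgroups),
    }


if __name__ == "__main__":
    print(render_ls_mode(0o2770), render_ls_mode(0o2760))
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

Running it reproduces the strace: the first stat() returns OK because the caller only needs search permission on /mnt/mailcache/shared (0755), while the second fails with EACCES because .testAccess is 02770 and, without initgroups(), gid 30005 is not in the process's credentials. The same two paths both return OK once the supplementary groups are present, which is what Steffen's "Effective groups" log line shows after system_user is returned by the userdb.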
participants (4)
- Christian Skarby
- Richard Laager
- Steffen Kaiser
- Timo Sirainen