[Dovecot] Dovecot fails to come up when using ACLs (1.0.b5)

Jeff Turner jeff at atlassian.com
Fri Aug 4 14:03:34 EEST 2006 

Hi,

I just had a go at enabling ACLs with 1.0b5. As per the docs I've done the configuration bit:

protocol imap {
..
  mail_plugins = acl
}
...
plugin {
  acl = vfile:/usr/local/etc/dovecot-acls
}

and created the dovecot-acls file. When I start dovecot, it hangs for a few
seconds and dies with this:


[root at redback root]# /etc/init.d/dovecot restart
Shutting down IMAP daemon (/usr/local/sbin/dovecot1.0rc5): [  OK  ]
Starting IMAP daemon (/usr/local/sbin/dovecot1.0rc5): IEffective uid=65534, gid=65534
INamespace: type=private, prefix=, sep=/, inbox=yes, hidden=no, subscriptions=no
Imaildir: data=/imap/mailboxes/dump-capability
Imaildir: root=/imap/mailboxes/dump-capability, index=/imap/mailboxes/dump-capability, control=, inbox=
INamespace: type=public, prefix=JiraSupport/, sep=/, inbox=no, hidden=no, subscriptions=no
Imaildir: data=/imap/mailboxes/jira-support:CONTROL=/imap/mailboxes/dump-capability/shared-settings/jira-support/control:INDEX=/imap/mailboxes/dump-capability/shared-settings/jira-support/index
Imaildir: root=/imap/mailboxes/jira-support, index=/imap/mailboxes/dump-capability/shared-settings/jira-support/index, control=/imap/mailboxes/dump-capability/shared-settings/jira-support/control, inbox=
Elstat(/imap/mailboxes/jira-support/cur) failed: Permission denied
                                                           [FAILED]


there's a strange dump-capability mailbox created:

[root at redback root]# ls -la /imap/mailboxes/dump-capability/
total 20
drwxrwx---    5 nfsnobody nfsnobody     4096 Aug  4 19:59 .
drwxr-xrwx   28 root     mail         4096 Aug  4 19:59 ..
drwxrwx---    2 nfsnobody nfsnobody     4096 Aug  4 19:59 cur
drwxrwx---    2 nfsnobody nfsnobody     4096 Aug  4 19:59 new
drwxrwx---    2 nfsnobody nfsnobody     4096 Aug  4 19:59 tmp
[root at redback root]# 


First I tried making /imap/mailboxes/jira-support/* world-readable, which fixes
the 'Permisison denied' error. Dovecot still fails to come up. When I strace
the process on startup, this is what it looks like: 

......
open("/etc/passwd", O_RDONLY)           = 3
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fstat64(3, {st_mode=S_IFREG|0644, st_size=3091, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40016000
read(3, "root:x:0:0:root:/root:/bin/bash\n"..., 4096) = 3091
close(3)                                = 0
munmap(0x40016000, 4096)                = 0
access("/usr/local/libexec/dovecot/imap", X_OK) = 0
access("/usr/local/lib/dovecot/imap", R_OK|X_OK) = 0
geteuid32()                             = 0
pipe([3, 4])                            = 0
fcntl64(3, F_GETFD)                     = 0
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
fcntl64(4, F_GETFD)                     = 0
fcntl64(4, F_SETFD, FD_CLOEXEC)         = 0
dup(2)                                  = 5
fcntl64(5, F_GETFD)                     = 0
fcntl64(5, F_SETFD, FD_CLOEXEC)         = 0
fork()                                  = 16282
close(5)                                = 0
close(4)                                = 0
alarm(5)                                = 0
wait4(-1, IEffective uid=65534, gid=65534
INamespace: type=private, prefix=, sep=/, inbox=yes, hidden=no, subscriptions=no
Imaildir: data=/imap/mailboxes/dump-capability
Imaildir: root=/imap/mailboxes/dump-capability, index=/imap/mailboxes/dump-capability, control=, inbox=
INamespace: type=public, prefix=JiraSupport/, sep=/, inbox=no, hidden=no, subscriptions=no
Imaildir: data=/imap/mailboxes/jira-support:CONTROL=/imap/mailboxes/dump-capability/shared-settings/jira-support/control:INDEX=/imap/mailboxes/dump-capability/shared-settings/jira-support/index
Imaildir: root=/imap/mailboxes/jira-support, index=/imap/mailboxes/dump-capability/shared-settings/jira-support/index, control=/imap/mailboxes/dump-capability/shared-settings/jira-support/control, inbox=
0xbfffcb7c, 0, NULL)          = ? ERESTARTSYS (To be restarted)
--- SIGALRM (Alarm clock) @ 0 (0) ---
+++ killed by SIGALRM +++


I tried chmod ugo+r'ing the /imap/dump-capability/ directory tree and it
made no difference.

I've attached my dovecot.conf, stripped of comments. 


Cheers,
Jeff
-------------- next part --------------
base_dir = /usr/local/var/run/dovecot/
protocols = imap imaps
disable_plaintext_auth = no
log_path = /usr/local/logs/dovecot
info_log_path = /usr/local/logs/dovecot.info
ssl_cert_file = /usr/local/etc/ssl/certs/imapd.pem
ssl_key_file = /usr/local/etc/ssl/private/imapd.pem
default_mail_env = maildir:/imap/mailboxes/%u
namespace private {
        separator = /
                prefix =
                inbox = yes
}
namespace public {
        prefix = JiraSupport/
                separator = /
                location = maildir:/imap/mailboxes/jira-support:CONTROL=/imap/mailboxes/%u/shared-settings/jira-support/control:INDEX=/imap/mailboxes/%u/shared-settings/jira-support/index
                hidden = no
}
mail_debug = yes
verbose_proctitle = yes
umask = 0007
protocol imap {
        mail_executable = /usr/local/libexec/dovecot/imap
        mail_plugins =  acl
        mail_plugin_dir = /usr/local/lib/dovecot/imap
}

protocol pop3 {
}
protocol lda {
        postmaster_address = postmaster at example.com
}
auth_verbose = yes
auth default {
        mechanisms = plain
                passdb pam {
                }
        userdb passwd {
        }
        user = root
}
dict {
}
plugin {
        acl = vfile:/usr/local/etc/dovecot-acls
}

More information about the dovecot mailing list