[Dovecot] Dovecot POP3 fails to chdir under FC6

James A. McDonald James.A.McDonald at nrl.navy.mil
Fri Jan 26 14:49:54 UTC 2007


I started the Dovecot POP3 server under Fedora Core 6 (rpm dovecot-1.0-1.1.rc15.fc6),
but some users couldn't connect, with /var/log/maillog showing the message

Jan 24 13:20:00 mmace dovecot: chdir(/branch/home/mmace) failed with uid 205: Permission denied
Jan 24 13:20:00 mmace dovecot: child 18792 (pop3) returned error 89

(I had already edited first_valid_UID in /etc/dovecot.conf to allow UIDs >= 200.)
However, only users who had their home directory under /branch/home couldn't
connect.  Users with homedirs under /home connected via POP3 just fine.
I found out POP3 connection failures also logged an error to /etc/messages:

Jan 24 13:20:00 mmace kernel: audit(1169662800.479:160): avc:  denied  { search } for  pid=18792 comm="dovecot" name="/" dev=sda3 ino=2 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir

So, SELinux was the culprit.  My home directories had the right SELinux
security context, but the root of the disk holding those home directories
(/branch is a separate disk drive) had a security context
(system_u:object_r:mnt_t) that Fedora's SELinux rules for dovecot did not
allow.  I changed the context of /branch to system_u:object_r:usr_t, and
dovecot POP3 access worked for all users.
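
The AVC record quoted above, parsed field by field to show which source type was denied "search" on which directory type. This is an added example, not part of the original message; the function names parse_avc and blocked_traversals are hypothetical, and the sample input is the post's own two log lines rejoined onto single lines.

```python
import re
from collections import Counter

# AVC record layout: "avc:  denied  { perms } for  key=value key="value" ..."
AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict describing one AVC record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"result": m.group("result"), "perms": m.group("perms").split()}
    for key, value in KV_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    # A context is user:role:type[:level]; the type is what policy rules match on.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side + "_type"] = parts[2] if len(parts) >= 3 else None
    return rec


def blocked_traversals(lines):
    """Count denied directory 'search' checks by (source type, target type, dev, ino)."""
    hits = Counter()
    for line in lines:
        rec = parse_avc(line)
        if (rec and rec["result"] == "denied" and rec.get("tclass") == "dir"
                and "search" in rec["perms"]):
            hits[(rec["scontext_type"], rec["tcontext_type"],
                  rec.get("dev"), rec.get("ino"))] += 1
    return hits


SAMPLE = [
    # The denial from the post, rejoined onto one line.
    'Jan 24 13:20:00 mmace kernel: audit(1169662800.479:160): avc:  denied  { search } for  pid=18792 comm="dovecot" name="/" dev=sda3 ino=2 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir',
    # A non-AVC line from the post; the parser skips it.
    "Jan 24 13:20:00 mmace dovecot: child 18792 (pop3) returned error 89",
]

if __name__ == "__main__":
    for (src, tgt, dev, ino), n in blocked_traversals(SAMPLE).items():
        print(f"{n}x {src} denied search on dir of type {tgt} (dev={dev} ino={ino})")
```

The dev and ino fields identify the directory that was denied, which here is the one named "/" on sda3 rather than the user's home directory itself.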

