[Dovecot] Dovecot POP3 fails to chdir under FC6
James A. McDonald
James.A.McDonald at nrl.navy.mil
Fri Jan 26 14:49:54 UTC 2007
I started the Dovecot POP3 server under Fedora Core 6 (rpm dovecot-1.0-1.1.rc15.fc6), but some users couldn't connect, with /var/log/maillog showing the message

Jan 24 13:20:00 mmace dovecot: chdir(/branch/home/mmace) failed with uid 205: Permission denied
Jan 24 13:20:00 mmace dovecot: child 18792 (pop3) returned error 89

(I had already edited first_valid_UID in /etc/dovecot.conf to allow UIDs >= 200.)

However, only users who had their home directory under /branch/home couldn't connect. Users with homedirs under /home connected via POP3 just fine.

I found out POP3 connection failures also logged an error to /etc/messages:

Jan 24 13:20:00 mmace kernel: audit(1169662800.479:160): avc: denied { search } for pid=18792 comm="dovecot" name="/" dev=sda3 ino=2 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir

So, SELinux was the culprit. My home directories had the right SELinux security context, but the root of the disk holding those home directories (/branch is a separate disk drive) had a security context (system_u:object_r:mnt_t) that Fedora's SELinux rules for dovecot did not allow. I changed the context of /branch to system_u:object_r:usr_t, and dovecot POP3 access worked for all users.
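
Added example, not part of the original post: Python that parses the AVC denial quoted above and reports which directory on the way to the failing home directory carries the denied target type. The function names are hypothetical, and the labels in LABELS other than the one for /branch are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# The AVC denial quoted in the post, rejoined onto one line.
AVC = ('Jan 24 13:20:00 mmace kernel: audit(1169662800.479:160): avc: denied '
       '{ search } for pid=18792 comm="dovecot" name="/" dev=sda3 ino=2 '
       'scontext=system_u:system_r:dovecot_t:s0 '
       'tcontext=system_u:object_r:mnt_t:s0 tclass=dir')

# Labels as `ls -dZ` would report them. Only the mnt_t label on /branch
# comes from the post; the other three are constructed sample values.
LABELS = {
    "/": "system_u:object_r:root_t:s0",
    "/branch": "system_u:object_r:mnt_t:s0",
    "/branch/home": "system_u:object_r:home_root_t:s0",
    "/branch/home/mmace": "user_u:object_r:user_home_dir_t:s0",
}

def parse_avc(line):
    """Split an 'avc: denied' record into its permissions and key=value fields."""
    m = re.search(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)", line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2))
    fields = {key: value.strip('"') for key, value in pairs}
    fields["perms"] = m.group(1).split()
    return fields

def se_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def blocking_ancestors(path, labels, avc):
    """List directories leading to `path` whose type equals the denied tcontext.

    chdir() needs 'search' on every directory in the path, so a denial with
    tclass=dir and perm 'search' can come from any ancestor, not only the
    home directory itself.
    """
    if avc["tclass"] != "dir" or "search" not in avc["perms"]:
        return []
    target = se_type(avc["tcontext"])
    p = PurePosixPath(path)
    chain = [str(a) for a in reversed(p.parents)] + [str(p)]
    return [d for d in chain if d in labels and se_type(labels[d]) == target]

if __name__ == "__main__":
    avc = parse_avc(AVC)
    print(se_type(avc["scontext"]), "denied", avc["perms"], "on",
          blocking_ancestors("/branch/home/mmace", LABELS, avc))
```

On a live system the LABELS map would be filled from `ls -dZ` on each directory in the path.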