[Dovecot] Why dovecot does not want to read my acl file?

Lukas Haase lukashaase at gmx.at
Tue Dec 15 17:24:24 EET 2009


Hi,

Simple Scenario: Shared namespace and a specific UNIX group should have 
access to it. System is Debian lenny (stable).

# cat /etc/dovecot/dovecot.conf
[...]
namespace public {
	separator = .
	prefix = Shared.
	location = maildir:/var/mail/shared
}
mail_executable = /usr/local/sbin/dovecot-imap-fix.sh
mail_drop_priv_before_exec = no  #just to make sure
[...]

# dpkg -l | grep dovecot
ii  dovecot-common      1:1.0.15-2.3+lenny1 secure mail server that
ii  dovecot-imapd       1:1.0.15-2.3+lenny1 secure IMAP server that

# cat /usr/local/sbin/dovecot-imap-fix.sh
#!/bin/sh
cat /var/mail/shared/.Office/dovecot-acl > /tmp/dovecot-$USER
env >> /tmp/dovecot-$USER
ACL_GROUPS=`groups $USER | tr ' '  ','`
export ACL_GROUPS
exec /usr/lib/dovecot/imap $*

# ls -la -R /var/mail/shared/     # (cut the .,.. in output)
/var/mail/shared/:
total 28
drwxrwx--- 5 root office 4096 Dec 15 15:53 .Office
drwxr-xr-x 2 root root   4096 Dec 14 16:55 cur
-rw-r--r-- 1 root root     23 Dec 15 07:46 dovecot-acl
-rw-r--r-- 1 root root      0 Dec 15 07:42 dovecot-shared
drwxr-xr-x 2 root root   4096 Dec 14 16:55 new
drwxr-xr-x 2 root root   4096 Dec 14 16:55 tmp

/var/mail/shared/.Office:
total 24
drwxrwx--- 2 root office 4096 Dec 15 09:53 cur
-rw-r--r-- 1 root root     52 Dec 15 15:53 dovecot-acl
-rw-rw---- 1 root office    0 Dec 15 07:42 dovecot-shared
drwxrwx--- 2 root office 4096 Dec 15 09:53 new
drwxrwx--- 2 root office 4096 Dec 15 09:53 tmp

# id peter
uid=1000(peter) gid=100(users) groups=51683(office),25783(ssh_users),100(users)
#

Now I log in as peter but my client (latest TB 2) does not display the 
office folder. In the log it claims that it is not able to open the acl 
file, which really can NOT be true:

Dec 15 15:56:05 mail dovecot: IMAP(peter): acl vfile: no access to file /var/mail/shared/.Office/dovecot-acl

I tried:
* su peter: Access no problem!
* ps aux: The process is running as peter
* As you can see I have debugging code in my dovecot-imap-fix.sh which 
successfully prints out the content of the ACL file to /tmp/user-peter

I can't imagine that, it seems as if it is not true.

By the way: As soon as I change the mail_executable to 
/usr/local/sbin/dovecot-imap-fix.sh I get this message and have 
absolutely no clue why:

# /etc/init.d/dovecot restart
Restarting IMAP/POP3 mail server: dovecotid: dump-capability: No such user
.
#

Which dump-capability? Which user?

Does anybody have an idea what could be wrong here?

Thank you very much,
Luke
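
A diagnostic for the symptom in the message above, as an added example that is not part of the original post or of Dovecot: it applies the classic owner/group/other mode check to each path component, using the credentials of a running process rather than those of the account. The helper names, the sample `/proc` excerpt and the modes of the directories above `.Office` are assumptions; the post does not establish whether the imap process actually lacks the `office` group.

```python
import os
from collections import namedtuple

Meta = namedtuple("Meta", "st_mode st_uid st_gid")   # the os.stat() fields used here

def proc_ids(status_text):
    """Effective uid and full group set from the text of /proc/<pid>/status (Linux)."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.split()
    uid = int(fields["Uid"][1])            # order: real, effective, saved, fs
    gids = {int(fields["Gid"][1])} | {int(g) for g in fields.get("Groups", [])}
    return uid, gids

def first_denied(path, uid, gids, stat=os.stat):
    """First component of `path` these credentials cannot pass, or None.
    Classic mode bits only; POSIX ACLs and capabilities are not modelled."""
    parts = path.strip("/").split("/")
    prefixes = ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]
    for p in prefixes:
        meta = stat(p)
        want = 4 if p == prefixes[-1] else 1   # read the file, search each directory
        if uid == 0:
            continue                            # root bypasses read/search checks
        if uid == meta.st_uid:
            bits = (meta.st_mode >> 6) & 7
        elif meta.st_gid in gids:
            bits = (meta.st_mode >> 3) & 7
        else:
            bits = meta.st_mode & 7
        if not bits & want:
            return p
    return None

ACL = "/var/mail/shared/.Office/dovecot-acl"
# Constructed from the ls output in the post; the first four modes are assumed.
LISTING = {
    "/": Meta(0o040755, 0, 0),
    "/var": Meta(0o040755, 0, 0),
    "/var/mail": Meta(0o040755, 0, 0),
    "/var/mail/shared": Meta(0o040755, 0, 0),
    "/var/mail/shared/.Office": Meta(0o040770, 0, 51683),
    ACL: Meta(0o100644, 0, 0),
}
# Constructed /proc/<pid>/status excerpt: uid 1000 with no supplementary groups.
STATUS = "Name:\timap\nUid:\t1000\t1000\t1000\t1000\nGid:\t100\t100\t100\t100\nGroups:\t100\n"

if __name__ == "__main__":
    uid, gids = proc_ids(STATUS)
    print("process credentials:", first_denied(ACL, uid, gids, LISTING.__getitem__))
    print("account groups:", first_denied(ACL, 1000, {100, 25783, 51683}, LISTING.__getitem__))
```

On a live system, pass the contents of `/proc/<pid>/status` for the imap process to `proc_ids` and call `first_denied` with the default `stat`, so the check runs against the real directory tree.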