[Dovecot] Master passwords and ACLs

Angel L. Mateo amateo at um.es
Wed Feb 27 12:49:04 EET 2013


Hello,

	Since I have activated acl plugin, master password is no longer working.

	I'm running dovecot 2.1.9 with master password and acl plugin (among 
others). I have attached my configuration. If I disable acl plugin, it 
works, but if I enable it, dovecot fails. In the client, I get:

amateo at joshua:~$ telnet myotis30.um.es 143
Trying 155.54.211.169...
Connected to myotis30.um.es.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE AUTH=PLAIN] Dovecot ready.
1 login <user>*master <master pass>
1 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND 
UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE 
QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS 
SPECIAL-USE QUOTA ACL RIGHTS=texk] Logged in
2 SELECT INBOX
2 NO [SERVERBUG] Internal error occurred. Refer to server log for more 
information. [2013-02-27 11:46:50]

	and in the server I get:

Feb 27 11:46:47 myotis30 dovecot: imap-login: Login: user=<<user>>, 
method=PLAIN, rip=155.54.67.5, lip=155.54.211.169, mpid=53762, 
session=<aECqfbLWvACbNkMF>
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Loading modules from 
directory: /usr/lib/dovecot/modules
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib01_acl_plugin.so
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib02_imap_acl_plugin.so
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib10_quota_plugin.so
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib11_imap_quota_plugin.so
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Module loaded: 
/usr/lib/dovecot/modules/lib20_zlib_plugin.so
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Added userdb setting: 
plugin/master_user=master
Feb 27 11:46:47 myotis30 dovecot: imap: Debug: Added userdb setting: 
plugin/quota_rule=*:storage=10G
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Effective 
uid=113246, gid=110, home=/home/alumnos/46/113246
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: No 
acl_shared_dict setting - shared mailbox listing is disabled
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Quota root: 
name=User quota backend=dict 
args=:file:/home/alumnos/46/113246/Maildir/dovecot.quota
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Quota rule: 
root=User quota mailbox=* bytes=10737418240 messages=0
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Quota rule: 
root=User quota mailbox=Trash bytes=+1073741824 messages=0
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: dict quota: 
user=<user>, uri=file:/home/alumnos/46/113246/Maildir/dovecot.quota, 
noenforcing=0
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Namespace : 
type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, 
subscriptions=yes location=maildir:~/Maildir:INDEX=/var/indexes/<user>
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: maildir++: 
root=/home/alumnos/46/113246/Maildir, index=/var/indexes/<user>, 
control=, inbox=/home/alumnos/46/113246/Maildir, alt=
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: initializing 
backend with data: vfile
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: acl username 
= master
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: owner = 0
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl vfile: Global 
ACL directory: (none)
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Namespace : 
type=private, prefix=BORRADOS., sep=., inbox=no, hidden=yes, list=no, 
subscriptions=yes location=maildir:~/Maildir/expunged
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: maildir++: 
root=/home/alumnos/46/113246/Maildir/expunged, index=, control=, inbox=, 
alt=
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: initializing 
backend with data: vfile
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: acl username 
= master
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: owner = 0
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl vfile: Global 
ACL directory: (none)
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: Namespace : 
type=shared, prefix=shared.%u., sep=., inbox=no, hidden=no, 
list=children, subscriptions=no 
location=maildir:%h/Maildir:INDEX=~/Maildir/shared/%u
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: shared: 
root=/var/run/dovecot, index=, control=, inbox=, alt=
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: initializing 
backend with data: vfile
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: acl username 
= master
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl: owner = 0
Feb 27 11:46:47 myotis30 dovecot: imap(<user>): Debug: acl vfile: Global 
ACL directory: (none)
Feb 27 11:46:50 myotis30 dovecot: imap(<user>): Debug: acl vfile: file 
/home/alumnos/46/113246/Maildir/dovecot-acl not found
Feb 27 11:46:50 myotis30 dovecot: imap(<user>): Error: Failed to 
autocreate mailbox INBOX: Permission denied

	This user, accessed directly, without master user, works perfectly, with 
no problem, even with acl plugin.

	Any idea?

-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tfo: 868889150
Fax: 868888337
-------------- next part --------------
# 2.1.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.4.0-030400-generic x86_64 Ubuntu 12.04.2 LTS 
auth_cache_size = 20 M
auth_cache_ttl = 1 days
auth_debug = yes
auth_master_user_separator = *
auth_verbose = yes
default_process_limit = 1024
disable_plaintext_auth = no
imapc_features = rfc822.size
imapc_host = myotis51.um.es
imapc_master_user = master
imapc_password = VAsGowem
log_timestamp = %Y-%m-%d %H:%M:%S
login_trusted_networks = 155.54.211.176/28
mail_access_groups = vmail
mail_debug = yes
mail_gid = vmail
mail_location = maildir:~/Maildir:INDEX=/var/indexes/%Ln
mail_plugins = quota zlib acl
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mdbox_rotate_size = 20 M
namespace {
  inbox = yes
  location = 
  prefix = 
  separator = .
}
namespace {
  hidden = yes
  list = no
  location = maildir:~/Maildir/expunged
  prefix = BORRADOS.
  separator = .
}
namespace {
  list = children
  location = maildir:%%h/Maildir:INDEX=~/Maildir/shared/%%u
  prefix = shared.%%u.
  separator = .
  subscriptions = no
  type = shared
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
passdb {
  args = session=yes cache_key=%Ln dovecot
  driver = pam
}
plugin {
  acl = vfile
  quota = dict:User quota::file:%h/Maildir/dovecot.quota
  quota_rule = *:storage=10G
  quota_rule2 = Trash:storage=+1G
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
  sieve_max_redirects = 15
  zlib_save = gz
  zlib_save_level = 6
}
postmaster_address = postmaster at um.es
protocols = imap pop3 lmtp sieve
service anvil {
  client_limit = 3075
}
service auth {
  client_limit = 4096
  unix_listener auth-userdb {
    mode = 0777
  }
}
service doveadm {
  inet_listener {
    port = 24245
  }
}
service imap {
  process_limit = 5120
  process_min_avail = 2
  vsz_limit = 512 M
}
service ipc {
  unix_listener ipc {
    user = dovecot
  }
}
service lmtp {
  inet_listener lmtp {
    port = 24
  }
  process_min_avail = 10
  vsz_limit = 512 M
}
service pop3 {
  process_min_avail = 2
}
ssl = no
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-ldap.conf.ext
  driver = ldap
}
protocol lda {
  mail_plugins = quota zlib acl sieve
}
protocol imap {
  mail_plugins = quota zlib acl imap_quota imap_acl
}
protocol lmtp {
  mail_plugins = quota zlib acl sieve
}
protocol pop3 {
  pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, in=%i, out=%o
}
local 155.54.211.160/27/27 {
  doveadm_password = ]dWhu5kB
}
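
An added example, not part of the original post: the debug log above reports `acl username = master` and `owner = 0` inside the session tagged `imap(<user>)`, and this Python script flags sessions of that kind in a Dovecot debug log, together with any errors they produced. The sample lines are constructed (unwrapped, with `alice` and `bob` as placeholder users), and `find_acl_identity_mismatches` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the debug lines in the post (one event per line).
SAMPLE_LOG = """\
Feb 27 11:46:47 host dovecot: imap(alice): Debug: acl: acl username = master
Feb 27 11:46:47 host dovecot: imap(alice): Debug: acl: owner = 0
Feb 27 11:46:50 host dovecot: imap(alice): Error: Failed to autocreate mailbox INBOX: Permission denied
Feb 27 11:50:01 host dovecot: imap(bob): Debug: acl: acl username = bob
Feb 27 11:50:01 host dovecot: imap(bob): Debug: acl: owner = 1
"""

# "dovecot: <service>(<session user>): <Level>: <message>"
LINE_RE = re.compile(r"dovecot: \w+\((?P<user>[^)]*)\): (?P<level>\w+): (?P<msg>.*)$")
ACL_USER_RE = re.compile(r"^acl: acl username = (?P<acl_user>\S+)$")
OWNER_RE = re.compile(r"^acl: owner = (?P<owner>[01])$")


def find_acl_identity_mismatches(log_text):
    """Return {session_user: state} for sessions in which the ACL plugin
    evaluates rights under a different name than the session's mailbox user.

    State is keyed by the user tag only, so concurrent sessions of the same
    user are merged; split on the pid or session id if the log carries one.
    """
    sessions = defaultdict(lambda: {"acl_user": None, "owner": None, "errors": []})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a per-user mail process line
        state = sessions[m["user"]]
        msg = m["msg"]
        if (a := ACL_USER_RE.match(msg)):
            state["acl_user"] = a["acl_user"]
        elif (o := OWNER_RE.match(msg)):
            state["owner"] = o["owner"] == "1"
        elif m["level"] == "Error":
            state["errors"].append(msg)
    return {
        user: s for user, s in sessions.items()
        if s["acl_user"] is not None and s["acl_user"] != user
    }


if __name__ == "__main__":
    for user, s in find_acl_identity_mismatches(SAMPLE_LOG).items():
        print(f"{user}: ACL checks run as {s['acl_user']!r} "
              f"(owner={s['owner']}); errors={s['errors']}")
```

The script expects syslog lines as written by the server, not the mail-wrapped form quoted in the post, and needs `mail_debug = yes` for the `acl:` lines to appear.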

