[Dovecot] Permission denied / missing +r perm
Andrew Crawford
drew at sealedabstract.com
Wed Jun 12 13:43:55 EEST 2013
FYI, the answer was in the filesystem. EncFS says
> Secondly, the --public flag changes how encfs's node creation functions work - as they will try and set ownership of new nodes based on the caller identification.
It seems that this was the culprit.
On Jun 12, 2013, at 4:53 AM, Andrew Crawford <drew at sealedabstract.com> wrote:
> I have postfix configured to deliver mail to dovecot over lmtp into a mailbox that then is accessed over imap. The imap server is running as the user "mail". Whenever I run "postfix flush" I get in mail.log:
>
>> Jun 12 05:37:45 li212-205 dovecot: lmtp(21288): Connect from local
>> Jun 12 05:37:45 li212-205 spamd[18173]: prefork: child states: II
>> Jun 12 05:37:45 li212-205 dovecot: auth-worker(21289): mysql(127.0.0.1): Connected to database mailserver
>> Jun 12 05:37:45 li212-205 dovecot: lmtp(21288, drew at REDACTED): zXAqF2lBuFEoUwAA5SnFYQ: msgid=<064C5BC7-357B-4366-9A80-5001DBA21F62 at REDACTED>: saved mail to INBOX
>> Jun 12 05:37:45 li212-205 postfix/lmtp[21287]: 57BDA1CC932: to=<drew at REDACTED>, relay=li212-205.members.linode.com[private/dovecot-lmtp], delay=0.06, delays=0.01/0.01/0.01/0.03, dsn=2.0.0, status=sent (250 2.0.0 <drew at REDACTED> zXAqF2lBuFEoUwAA5SnFYQ Saved)
>> Jun 12 05:37:45 li212-205 dovecot: lmtp(21288): Disconnect from local: Client quit (in reset)
>> Jun 12 05:37:45 li212-205 postfix/qmgr[21244]: 57BDA1CC932: removed
>> Jun 12 05:37:45 li212-205 dovecot: imap(drew at REDACTED): Error: open(/decrypted-mail/awesomebox.sealedabstract.com/drew/cur/1371029865.M411903P21288.li212-205,S=2626,W=2673:2,) failed: Permission denied (euid=8(mail) egid=8(mail) missing +r perm: /decrypted-mail/awesomebox.sealedabstract.com/drew/cur/1371029865.M411903P21288.li212-205,S=2626,W=2673:2,, we're not in group 0(root))
>> Jun 12 05:37:45 li212-205 dovecot: imap(drew at REDACTED): Disconnected: Internal error occurred. Refer to server log for more information. [2013-06-12 05:37:45] in=349 out=1084
>
>
> Indeed, the file in question is owned by root and would not be accessible to the mail user:
>
>> ls -la /decrypted-mail/awesomebox.sealedabstract.com/drew/cur/
>> total 24
>> drwxrw---- 2 mail mail 4096 Jun 12 05:37 .
>> drwxrw---- 7 mail mail 4096 Jun 12 05:37 ..
>> -rw-rw---- 1 mail mail 2616 Jun 12 05:26 1371029196.M462737P20302.li212-205,S=2616,W=2662:2,
>> -rw-rw---- 1 mail mail 2635 Jun 12 05:32 1371029564.M454251P20747.li212-205,S=2635,W=2682:2,
>> -rw-rw---- 1 root root 2626 Jun 12 05:37 1371029865.M411903P21288.li212-205,S=2626,W=2673:2,
>
> So dutifully, I chown / chgrp to the mail user. But as soon as i receive a new mail, dovecot again creates files owned by root:root.
>
> How do I convince it to create files as mail:mail ?
>
>
> Diagnostic info:
>
>> $ dovecot --version
>> 2.1.7
>
>> $ ps -aux | grep dovecot
>> root 20810 0.0 0.0 2892 984 ? Ss 05:34 0:00 /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
>> dovecot 20813 0.0 0.0 2620 940 ? S 05:34 0:00 dovecot/anvil
>> root 20814 0.0 0.1 2752 1072 ? S 05:34 0:00 dovecot/log
>> root 20818 0.0 0.2 4348 2524 ? S 05:34 0:00 dovecot/config
>> dovenull 21046 0.0 0.2 5248 2500 ? S 05:35 0:00 dovecot/imap-login
>> mail 21047 0.0 0.2 6392 2088 ? S 05:35 0:00 dovecot/imap
>> dovenull 21056 0.0 0.2 5248 2500 ? S 05:35 0:00 dovecot/imap-login
>> mail 21057 0.0 0.2 6752 2576 ? S 05:35 0:00 dovecot/imap
>> dovenull 21292 0.0 0.2 5248 2500 ? S 05:37 0:00 dovecot/imap-login
>> root 21293 0.0 0.1 4508 1044 ? S 05:37 0:00 dovecot/ssl-params
>> mail 21294 0.0 0.2 6540 2624 ? S 05:37 0:00 dovecot/imap
>> root 21400 0.0 0.0 4104 788 pts/0 S+ 05:51 0:00 grep dovecot
>
>> $ doveconf -n
>> # 2.1.7: /etc/dovecot/dovecot.conf
>> # OS: Linux 3.8.4-linode50 i686 Debian 7.0 fuse.encfs
>> auth_mechanisms = plain login
>> first_valid_uid = 0
>> mail_location = maildir:/decrypted-mail/%d/%n
>> mail_privileged_group = mail
>> namespace inbox {
>> inbox = yes
>> location =
>> mailbox Drafts {
>> special_use = \Drafts
>> }
>> mailbox Junk {
>> special_use = \Junk
>> }
>> mailbox Sent {
>> special_use = \Sent
>> }
>> mailbox "Sent Messages" {
>> special_use = \Sent
>> }
>> mailbox Trash {
>> special_use = \Trash
>> }
>> prefix =
>> }
>> passdb {
>> args = /etc/dovecot/dovecot-sql.conf.ext
>> driver = sql
>> }
>> protocols = " imap lmtp"
>> service auth-worker {
>> user = mail
>> }
>> service auth {
>> unix_listener /var/spool/postfix/private/auth {
>> group = postfix
>> mode = 0600
>> user = postfix
>> }
>> unix_listener auth-userdb {
>> mode = 0600
>> user = mail
>> }
>> user = dovecot
>> }
>> service imap-login {
>> inet_listener imap {
>> port = 0
>> }
>> }
>> service lmtp {
>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>> group = postfix
>> mode = 0666
>> user = postfix
>> }
>> user = mail
>> }
>> service pop3-login {
>> inet_listener pop3 {
>> port = 0
>> }
>> }
>> ssl = required
>> ssl_cert = </etc/ssl/certs/dovecot.pem
>> ssl_key = </etc/ssl/private/dovecot.pem
>> userdb {
>> args = uid=mail gid=mail home=/decrypted-mail/%d/%n
>> driver = static
>> }
>>
>
>
>
More information about the dovecot
mailing list