[Dovecot] Permissions problems

Google md.benson at gmail.com
Wed Nov 27 09:44:08 EET 2013


Hi,

I have dovecot 2.0.20 running (it's an old version, I know, it came from the
stable archive at OpenCSW) with Solaris SMF integration working fine. It
enables and disables okay.

However, I can't connect to it, it is allowing the connection, but spewing on
permissions:

Nov 24 17:34:20 proliant-1 dovecot: [ID 583609 mail.info] master: Dovecot
v2.0.20 starting up
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login:
user=<mark>, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18816
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login:
user=<mark>, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18818
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login:
user=<mark>, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18820
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap(mark):
Connection closed bytes=17/340
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login:
user=<mark>, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18822
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
rename(/mpool/mail/mark/dovecot.index.log.newlock,
/mpool/mail/mark/dovecot.index.log) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist)
failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist)
failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist)
failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist)
failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error:
unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied

If I actually try to copy mail to the inbox of the account it core-dumps and
dies, and the SMF service drops into maintenance mode which requires
re-enabling.

The output from doveconf -n (this is changes from the default settings I
think?) is:

root@proliant-1:~# doveconf -n
# 2.0.20: /etc/opt/csw/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc  zfs
auth_first_valid_uid = 101
disable_plaintext_auth = no
first_valid_uid = 101
mail_location = maildir:/mpool/mail/%u
passdb {
 driver = pam
}
ssl_cert = </opt/csw/ssl/certs/dovecot.pem
ssl_key = </opt/csw/ssl/private/dovecot.pem
userdb {
 driver = passwd
}

The mail_location is in a ZFS filesystem on my RAIDz array. I couldn't think
of any other way of creating user-specific folders in the location. As the value
suggests, each user gets their own directory on the filesystem for mail.

Is this still a ‘safe’ way to do things or would I be better off relocating each
user’s ‘home’ directory to the pool somehow?

This is what the directory currently looks like:

mark@proliant-1:~$ ls -la /mpool/mail
total 6
drwxrwxrwx+ 3 root root  3 2013-11-24 17:17 .
drwxr-xr-x+ 5 root root  5 2013-11-24 13:50 ..
drwxrwxrwx+ 5 mark staff 9 2013-11-24 22:20 mark

mark@proliant-1:~$ ls -la /mpool/mail/mark/
total 14
drwxrwxrwx+ 5 mark staff  9 2013-11-24 22:20 .
drwxrwxrwx+ 3 root root   3 2013-11-24 17:17 ..
drwxrwxrwx+ 2 mark staff  2 2013-11-24 17:17 cur
-rwxrwxrwx+ 1 mark staff 51 2013-11-24 22:20 dovecot-uidlist.tmp
-rwxrwxrwx+ 1 mark staff  8 2013-11-24 22:20 dovecot-uidvalidity
-rwxrwxrwx+ 1 mark staff  0 2013-11-24 17:17 dovecot-uidvalidity.529234ad
-rwxrwxrwx+ 1 mark staff 40 2013-11-24 22:20 dovecot.index.log.newlock
drwxrwxrwx+ 2 mark staff  2 2013-11-24 17:17 new
drwxrwxrwx+ 2 mark staff  3 2013-11-24 17:21 tmp

Any ideas?

-- 

Mark Benson

http://DECtec.info
Twitter: @DECtecInfo
HECnet: STAR69::MARK

Online Resource & Mailing List for DEC Enthusiasts.