[Dovecot] Odd ownership of the dovecot-uidlist file

Bruce dclist.hook at hook.net.nz
Tue Jun 3 20:52:36 UTC 2014


Please see my responses below,

On 04/06/14 01:35, dovecot-request at dovecot.org wrote:
> Message: 4
> Date: Tue, 3 Jun 2014 09:33:48 +0200 (CEST)
> From: Steffen Kaiser
>> >Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX
>> >(/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = 26624
>> >Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist now =
>> >26624
> who is user 26624? Is the uid valid at all? If it is invalid, are there
> other files owned by this uid? Maybe only one of your NFS server has this
> uid in its /etc/passwd? Is user "hamish" shared to another user somehow,
> either via symlinks, ACLs, ...?
UID 26624 is a valid user ('info' of domain14552) but under a completely 
different domain name (hamish is under domain25367). However that user 
has also not logged in around the time the ownership was changed. There 
is no relevance to the two users, except that they exist on the system 
and for some reason this issue happened to the hamish user.

The NFS server does not know about the UIDs, it just provides the 
numeric IDs which are translated on the dovecot/exim servers by NSS and 
Dovecot using the replicated MySQL database. Additionally both users 
have existed for some time and the databases are in sync. Customers also 
do not have any access to the file system so there will be no symlinks 
in place.

It's also not a single server that we are seeing the issue on, it may be 
one Dovecot server accessing one NFS server. Then the next time it's a 
different Dovecot server accessing a different NFS server.

>> >the logs for that time which is abnormal (a whole bunch of other logins from
>> >other customers but nothing from those two users and no errors)
> What about cron jobs, message delivery, backups, ... anything that
> possibly can alter that file. I don't think, it's a Dovecot issue, unless
> the uid 26624 is valid and hamish is shared with that user.
Nothing besides Courier being replaced by Dovecot has changed in the 
server setup (although I could be wrong there, but we are going through 
one component at a time and until this issue is resolved we are not 
moving onto the next), and the only file which is being modified is a 
file which only Dovecot maintains.

There are hourly backups which do an rsync to another server in case of 
hardware failure, there are scripts which move mailboxes between NFS 
servers but they show up in logs. Exim has no need to touch a dovecot 
controlled file, and when it writes mail into the maildir it's writing as 
the correct user.

It also seems odd that one login is fine then randomly the next login the 
file ownership has changed, nothing happens in between the two logins 
which are in some cases only 5 to 10 minutes apart.

All I am really looking for is ideas on where to look, as it seems odd 
that nobody else is reporting this, and since it's a reasonably new setup 
it's possibly something we have done in the config (which I posted in my 
first email). Is there a reliable way to run a script directly when a 
dovecot session starts and finishes so we could output the ownership 
before and after which may also help eliminate the session itself?
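
The condition described in this message (a dovecot-uidlist owned by a different uid than the mailbox it sits in) can be swept for across the spool. The script below is an added example, not part of the original post and not Dovecot code; it assumes each maildir directory is owned by its mailbox user, and the default spool root and the function name are illustrative.

```python
#!/usr/bin/env python3
"""Report dovecot-uidlist files whose owner differs from the owner of their maildir."""
import os
import sys
import time

UIDLIST = "dovecot-uidlist"


def find_uidlist_mismatches(spool_root, stat=os.stat):
    """Return one dict per dovecot-uidlist whose uid differs from its directory's uid.

    `stat` is injectable so the check can be exercised without root privileges.
    """
    mismatches = []
    for dirpath, _dirnames, filenames in os.walk(spool_root):
        if UIDLIST not in filenames:
            continue
        path = os.path.join(dirpath, UIDLIST)
        try:
            file_st = stat(path)
            dir_st = stat(dirpath)
        except FileNotFoundError:
            continue  # file or mailbox went away between listing and stat
        if file_st.st_uid != dir_st.st_uid:
            mismatches.append({
                "path": path,
                "file_uid": file_st.st_uid,
                "dir_uid": dir_st.st_uid,
                # ctime changes on chown or when the inode is replaced, so it
                # gives a timestamp to line up against login and delivery logs.
                "ctime": file_st.st_ctime,
            })
    return mismatches


if __name__ == "__main__":
    # Spool root is an assumption; pass your own as the first argument.
    root = sys.argv[1] if len(sys.argv) > 1 else "/mnt/spool"
    for m in find_uidlist_mismatches(root):
        when = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(m["ctime"]))
        print(f'{m["path"]} uid={m["file_uid"]} maildir_uid={m["dir_uid"]} changed={when}Z')
```

Run on a short interval, the reported ctime narrows the window in which the ownership changed, independent of any login session.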

