[Dovecot] Odd ownership of the dovecot-uidlist file
dclist.hook at hook.net.nz
Tue Jun 3 20:52:36 UTC 2014
Please see my responses below,
On 04/06/14 01:35, dovecot-request at dovecot.org wrote:
> Message: 4
> Date: Tue, 3 Jun 2014 09:33:48 +0200 (CEST)
> From: Steffen Kaiser
>> >Jun 3 11:38:51 brio dovecot: Dovecot postlogin.sh running as hamish at XXXXX
>> >(/mnt/spool/keepers/h/XXXXX/hamish) userid = 7053 (7053) - uidlist = 26624
>> >Jun 3 11:38:51 brio dovecot: Dovecot for hamish at XXXXX finished, uidlist now =
> who is user 26624? Is the uid valid at all? If it is invalid, are there
> other files owned by this uid? Maybe only one of your NFS server has this
> uid in its /etc/passwd? Is user "hamish" shared to another user somehow,
> either via symlinks, ACLs, ...?
UID 26624 is a valid user ('info' of domain14552) but under a compleltly
different domain name (hamish is under domain25367). However that user
has also not logged in around the time the ownership was changed. There
is no relevance to the two users, except that they exist on the system
and for some reason this issue happened to the hamish user.
The NFS server does not know about the UIDs, it just provides the
numeric IDs which is translated on the dovecot/exim servers by NSS and
Dovecotr using the replicated MySQL database. Additionally both users
have existed for some time and the databases are in sync. Customers also
do not have any access to the file system so there will be no symlinks
Its also not a single server that we are seeing the issue on, it maybe
one Dovecot server accessing one NFS server. Then the next time its a
different Dovecot server accessing a different NFS server.
>> >the logs for that time which is abnormal (a whole bunch of other logins from
>> >other customers but nothing from those two users and no errors)
> What about cron jobs, message delivery, backups, ... anything that
> possibly can alter that file. I don't think, it's a Dovecot issue, unless
> the uid 26624 is valid and hamish is shared with that user.
Nothing besides Courier being replaced by Dovecot has changed in the
server setup (although I could be wrong there, but we are going through
one component at a time and until this issue is resolved we are not
moving onto the next), and the only file which is being modified is a
file which only Dovecot maintains.
There are hourly backups which do an rsync to another server in case of
hardware failure, there are scripts which move mailboxes between NFS
servers but they show up in logs. Exim has no need to touch a dovecot
controlled file, and when it writes mail into the maildir its writing as
the correct user.
It also seem odd that one login is fine then randomly the next login the
file ownership has changed, nothing happens in between the two logins
which are in some cases only 5 to 10 minutes apart.
All I am really looking for is ideas on where to look, as it seems odd
that nobody else is reporting this, and since its a reasonably new setup
its possibly something we have done in the config (which I posted in my
first email). Is there a reliable way to run a script directly when a
dovecot session starts and finishes so we could output the ownership
before and after which may also help eliminate the session itself.
More information about the dovecot