Dovecot-lda permission errors or maybe authentication errors?

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Nov 6 07:35:22 UTC 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 5 Nov 2014, Robert Kryger wrote:

> I agree the error message is confusing.  As mentioned, I initially thought
> the Maildir folder permissions were set wrong (since I transferred them over
> from an older mail server) so I have tried many combinations including
> setting full "rwx" permissions for everyone on the /home/user1 and
> /home/user1/Maildir folders.  It doesn't seem to help which leads me to
> suspect I might be mis-understanding the dovecot-lda error messages.

They are usually very clear and helpful.

> To confirm as currently set:
> User1 has full "rwx" permissions on the /home/user1 folder.

What filesystem /home/user1 is located on? E.g. AFS has yet another 
permission management. 
What happens if you try to access the folder as the system user:

su - user1 id -a
su - user1 ls -ald /home/user1

The 1st command verifies, that su - user1 is using the same uid as 
Dovecot, the 2nd one probes the accessability.

> I am running a "plain" CentOS 6.5 installation.  No intentional protection
> software like Apparmor, no SElinux features.

OK, first question answered. ;-)
What about the 2nd one about the permissions of / and /home?

> -----Original Message-----
> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
> Sent: Wednesday, November 05, 2014 9:24 AM
> To: Robert Kryger
> Cc: dovecot at dovecot.org
> Subject: RE: Dovecot-lda permission errors or maybe authentication errors?
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Wed, 5 Nov 2014, Robert Kryger wrote:
>
>> Output of ls -nal /home/user1:
>>
>>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>>> such file or directory, euid is not dir owner)
>
>> total 156
>> drwx------.  6 524 524  4096 Nov  5 08:27 .
>
> This list doesn't seem to fit the error message, because user 524 is owning
> this dir and has full access permissions. Maybe, are you running some
> protection software, like SELinux, AppArmor, ..., which prevents access to
> this directory?
>
> Just to raise the obvious: "/" and "/home" do allow "x"-permission for user
> #524, don't they?
>
>> drwxr-xr-x. 34   0   0  4096 Oct  4 14:06 ..
>> -rw-------.  1 524 524  1148 Oct 15 13:44 .bash_history
>> -rw-r--r--.  1 524 524    18 Sep 25 22:13 .bash_logout
>> -rw-r--r--.  1 524 524   176 Sep 25 22:13 .bash_profile
>> -rw-r--r--.  1 524 524   124 Sep 25 22:13 .bashrc
>> -rw-r--r--.  1   0   0  1362 Nov  4 08:45 config.txt
>> -rw-r--r--.  1 524 524    75 Oct  6 11:39 .forward_old
>> -rw-r--r--.  1   0   0    37 Oct 26 19:09 .forward_test_lda
>> -rw-------.  1 524 524    55 Oct 12 20:12 .lesshst
>> -rw-r--r--.  1   0   0  1062 Nov  4 08:50 log1.log
>> -rw-r--r--.  1   0   0  1246 Nov  4 08:49 log2.log
>> drwxrw----. 35 524 524  4096 Nov  5 08:24 Maildir
>> drwxr-----. 35   0   0  4096 Oct 29 09:03 Maildirsave
>> drwxr-xr-x.  4 524 524  4096 May  6  2014 .mozilla
>> -rw-r--r--.  1 524 524    92 Oct 12 20:20 .procmailrc
>> -rw-r--r--.  1 524 524  1213 Oct  5 19:56 .procmailrc_old
>> -rw-r--r--.  1 524 524    92 Oct  6 10:27 .procmailrc_old2
>> -rw-r--r--.  1   0   0     0 Nov  5 08:27 question1.txt
>> drwx------.  2 524 524  4096 Oct 14 16:02 .ssh
>> -rw-rw-r--.  1 524 524   152 Oct  6 10:25 testmessage.txt
>> -rwxr-xr-x.  1 524 524    87 Oct  6 13:59 testscript
>> -rw-rw-r--.  1 524 524 60810 Oct 27 16:57 top.log
>> -rw-r--r--.  1   0   0     6 Nov  4 08:45 version.txt
>> -rw-------.  1 524 524  3973 Oct 27 16:58 .viminfo
>>
>> -----Original Message-----
>> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
>> Sent: Wednesday, November 05, 2014 5:26 AM
>> To: Robert Kryger
>> Cc: dovecot at dovecot.org
>> Subject: Re: Dovecot-lda permission errors or maybe authentication errors?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> On Tue, 4 Nov 2014, Robert Kryger wrote:
>>
>>> I have tried to specify the dovecot-lda in two ways.  First, in the
>>> /etc/postfix/main.cf file:
>>>
>>> mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a
>>> "$RECIPIENT"
>>>
>>> or alternatively, I leave the mailbox_command blank and specify the
>>> following in the .forward file of a test user:
>>>
>>> | "/usr/libexec/dovecot/dovecot-lda"
>>>
>>> Either approach gives me the same error(s).  When a mail message is
>>> sent to the test user USER1, the following errors appear in the
>>> dovecot-lda error
>>> file:
>>>
>>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>>> such file or directory, euid is not dir owner) Nov 04 08:47:29
> lda(user1):
>> Error:
>>> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
>>> Error: user user1: Initialization failed: Namespace 'INBOX.':
>>> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
>>> egid=524(user1) stat() failed: No such file or directory, euid is not
>>> dir
>>> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings.
>>> Refer to server log for more information.
>>>
>>> Nov 04 08:47:29 lda(user1): Error: chdir(/home/user1/) failed:
>>> Permission denied (euid=524(user1) egid=524(user1) stat() failed: No
>>> such file or directory, euid is not dir owner) Nov 04 08:47:29
> lda(user1):
>> Error:
>>> chdir(/home/user1) failed: Permission denied Nov 04 08:47:29 lda(user1):
>>> Error: user user1: Initialization failed: Namespace 'INBOX.':
>>> stat(/home/user1/Maildir) failed: Permission denied (euid=524(user1)
>>> egid=524(user1) stat() failed: No such file or directory, euid is not
>>> dir
>>> owner) Nov 04 08:47:29 lda(user1): Fatal: Invalid user settings.
>>> Refer to server log for more information.
>>>
>>> At first, I interpreted this to mean the file permissions were not
>>> set correctly on the home directory or the Maildir folder.  However,
>>> I have opened these up to full rwx access for everyone and I still
>>> get the same errors.  Alternatively, perhaps this is related somehow
>>> to the dovecot-lda authentication process via the password or user
>>> databases, but I can't make any sense of the documentation.
>>
>> What's the output of:
>>
>> ls -nal /home/user1
>>
>> - --
>> Steffen Kaiser
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.11 (GNU/Linux)
>>
>> iQEVAwUBVFn7O3z1H7kL/d9rAQLIkQf+NsVmLoWS4smKMBXs5auUQHEc7HNMucxa
>> rT9quBZ/0Xn2Gn4UQRTp/X3XO4UoHYHDigcYLRG0+v7qENfOIShbb4a747LX/BTE
>> JA+N4OfOWfSJGk+bz2qsxjXwMf0IGFqac1eZME41Qk6yn1CeWv4DTdY/tXmB+Cj+
>> qk/pUXcHCK/2ay6cYo9pXW3b3/VxPsLq3Q+vD9zJyFUZ5JMwAmk1zdEEPDVZGZ83
>> rmALm066qtuBePdsxrCuTEw2WyM/Zcgk6M4C40lWCWA/79PFv9FuFxAPIfjOpZaO
>> jMvzYCzCE4IdWm8dJJQ9+oe0/aO6muu5gvVgoZygsst99PUswjqFcg==
>> =YsBN
>> -----END PGP SIGNATURE-----
>> ---------------Output of GPG------------------ Decryption of block
>> failed
>> gpg: Signature made Wed 05 Nov 2014 11:26:03 AM CET using RSA key ID
>> 0BFDDF6B
>> gpg: BAD signature from "Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>"
>>
>
> - --
> Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
>
> iQEVAwUBVFozAHz1H7kL/d9rAQLcYggAnP86Mvdnn4sKI4/t1j22/jAetIGuA6hW
> r+BFoLtugkp/829TtNnh2FvqF6uWBo38qcni4Qa7FLKGvNOnyaW11YbzVxcvH+lS
> +58Ln5SJbAWOhbVTdLusvJZNqJIFUTQPJdx924ohDWndqcUPWdeDUDilegPm9kFS
> z6XPTE3gsrqeggGRkD0FyYcDcvO8JuDieLmZnINvJ6bAiOCJ6dgJdNt64DLSbKtk
> EMsj5Ix49m219NhkzNTrMXmlT6s/dZqO+/8B1MZ9S/w0KDGwZzYmV86hFlL3ImRp
> G5cilKZbsNuGkL0PBHFbUqPrZeAnI93hMI2SszH5cV2dbQkYUqMIew==
> =ggMr
> -----END PGP SIGNATURE-----
> ---------------Output of GPG------------------
> Decryption of block failed
> gpg: Signature made Wed 05 Nov 2014 03:24:00 PM CET using RSA key ID 0BFDDF6B
> gpg: BAD signature from "Steffen Kaiser <skdovecot at smail.inf.fh-brs.de>"
>

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVFsku3z1H7kL/d9rAQLz6wf+OHrqvMkrdU2Pkq6pZsa4qI0zx4tVM/+i
1BlbxZ1Nk530edO46CKcpRkW8qtU657cYxWNaqpGkYpFUUnKcGtxKhna+tI+pxCe
xdkAtah0Ept1BAGfc3HAgXILkH2akJPxR5R5opqtYFmMAYA65+cDSZ2UfWy/g68n
C9zI6QejLFZ5xhPctL9twrpNZJ2lLScQq/GFr72sXqvIr9oQtNKGxCiHFMAG8IyK
bYsQDju+FZXLgdvndm7VqgxC1/88chYkUcxnbHcr4a49ueXSrytyTrVOlgL5LjZU
Tk+TaD2bBg+YGfF4dQ2IweC7v4oH4XxZA+CaihKeAq/AXfMgmAnQLg==
=fhZe
-----END PGP SIGNATURE-----

More information about the dovecot mailing list