permissions of newly created mailboxes only with dovecot-lda and posix acls
Alexander 'Leo' Bergolth
leo at strike.wu.ac.at
Sun Jul 1 12:19:57 EEST 2018
Hi!
I am experiencing troubles concerning the inheritance of the setgid bit if a new mailbox is created with dovecot-lda.
If it is created with dovecot/imap, everything works fine.
dovecot-lda is called from postfix like this:
----------
mailbox_command = /usr/local/sbin/postfix-lda.sh
----------
logger -p mail.info -t postfix-lda "H: $HOME, S: $SENDER, R: $RECIPIENT, U: $(umask), id: $(/bin/id); $@"
dovecot-lda -f "$SENDER" -a "$RECIPIENT" -onamespace/inbox/location=maildir:~/Maildir:LAYOUT=fs:FULLDIRNAME=__MAILBOX__
----------
If a mailbox is created with dovecot-lda (sieve), permissions look like that:
$ ls -ld Maildir Maildir/2018-q3 Maildir/2018-q3/__MAILBOX__
drwxrws---+ 49 leo leo 4096 Jul 1 09:53 Maildir
drwxrwx---+ 3 leo leo 24 Jul 1 09:40 Maildir/2018-q3
drwxrwx---+ 2 leo staff 6 Jul 1 09:40 Maildir/2018-q3/__MAILBOX__
-> The setgid bit of Maildir is not honored and dovecot complains:
Jul 1 09:40:42 strike postfix-lda: H: /home/leo, S: testerl at strike.wu.ac.at, R: leo at strike.wu.ac.at, umask: 0077, id: uid=500(leo) gid=500(staff) groups=500(staff);
Jul 1 09:40:42 strike dovecot: lda(leo): Error: fchown(/home/leo/Maildir/2018-q3/__MAILBOX__/cur, group=501(leo)) failed: Operation not permitted (egid=500(staff), group based on /home/leo/Maildir/2018-q3 - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
Jul 1 09:40:42 strike dovecot: lda(leo): Error: mkdir(/home/leo/Maildir/2018-q3/__MAILBOX__/cur) failed: Operation not permitted
Jul 1 09:40:42 strike dovecot: lda(leo): Error: sieve: msgid=<20180701074042.1B1241CFB78 at strike.wu.ac.at>: failed to store into mailbox '2018-q3': Internal error occurred. Refer to server log for more information. [2018-07-01 09:40:42]
If I create a mailbox with imap, everything works as expected:
$ ls -ld Maildir/permtest Maildir/permtest/__MAILBOX__
drwxrws---+ 3 leo leo 24 Jul 1 09:51 Maildir/permtest
drwxrws---+ 5 leo leo 108 Jul 1 09:51 Maildir/permtest/__MAILBOX__
mkdir from a shell also works fine.
The problem seems to be connected to the Posix ACLs that are set on Maildir:
$ getfacl Maildir
# file: Maildir
# owner: leo
# group: leo
# flags: -s-
user::rwx
user:bergolth:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:bergolth:rwx
default:group::rwx
default:mask::rwx
default:other::--x
If I remove all Posix ACLs using setfacl -b Maildir, creation of new mailboxes also works fine with dovecot-lda.
Why is dovecot-lda behaving differently if Posix ACLs are set on Maildir? And why isn't dovecot imap affected?
Any help would be greatly appreciated, I am actually clueless!
Cheers,
--leo
dovecot-2.2.32-1leo.el7.centos.x86_64
dovecot-pigeonhole-2.2.32-1leo.el7.centos.x86_64
postfix-2.10.1-6.el7.x86_64
# uname -r
4.4.138-1.el7.elrepo.x86_64
--
e-mail ::: Leo.Bergolth (at) wu.ac.at
fax ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
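An added example, not part of the original post: a Python audit that walks a Maildir tree and reports directories that did not inherit the group or the setgid bit from a setgid parent, the mismatch visible in the listing above. The function names are hypothetical, and the default-ACL check assumes Linux's `system.posix_acl_default` extended attribute.

```python
import os
import stat
import sys

ACL_DEFAULT_XATTR = "system.posix_acl_default"  # assumption: Linux xattr holding the default ACL


def inheritance_issues(parent_mode, parent_gid, child_mode, child_gid):
    """Compare a child directory against its parent; return a list of findings."""
    issues = []
    if not parent_mode & stat.S_ISGID:
        return issues  # parent does not request group inheritance
    if child_gid != parent_gid:
        issues.append(f"group {child_gid} differs from parent group {parent_gid}")
    if not child_mode & stat.S_ISGID:
        issues.append("setgid bit missing")
    return issues


def has_default_acl(path):
    """True if the directory carries a default POSIX ACL (best effort, Linux only)."""
    try:
        return ACL_DEFAULT_XATTR in os.listxattr(path)
    except (AttributeError, OSError):
        return False


def audit(root):
    """Return (path, issues, parent_has_default_acl) for each directory that broke inheritance."""
    findings = []
    for parent, dirs, _files in os.walk(root):
        pst = os.lstat(parent)
        for name in sorted(dirs):
            child = os.path.join(parent, name)
            if os.path.islink(child):
                continue  # symlinks carry no setgid bit of their own
            cst = os.lstat(child)
            issues = inheritance_issues(pst.st_mode, pst.st_gid, cst.st_mode, cst.st_gid)
            if issues:
                findings.append((child, issues, has_default_acl(parent)))
    return findings


if __name__ == "__main__":
    for path, issues, acl in audit(sys.argv[1] if len(sys.argv) > 1 else "Maildir"):
        print(f"{path}: {'; '.join(issues)} (parent default ACL: {'yes' if acl else 'no'})")
```

Run against the tree in the listing, this reports `Maildir/2018-q3` (setgid bit missing); directories below it are not reported because their parent no longer requests group inheritance.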