<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div id="body" class="messagebody">
<div class="pws">
<p>Further investigation shows that `doveconf` called
`/usr/lib/dovecot/managesieve` which in return calls
`doveconf` again, but with another uid (possible? I'm not
sure) and a few extra arguments, which causes a call to `glob`
in `src/config/config-parser.c:settings_include` to fail with
`GLOB_NOMATCH`.
<br>
<br>
I'd be appreciate if anyone can provide information on
suspicious permission-relating operation that `managesieve`
does before calling `doveconf`.
</p>
<p> I just can't find a way to post reply on previous mails, so
I decided to post a new one. The original text follows.<br>
</p>
<p>On 2019/6/6 3:15, Ben Ma wrote:
</p>
<blockquote type="cite">
I'm on dovecot 2.3.3 (dcead646b). Output of `dovecot -n`:<br>
<br>
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf # Pigeonhole
version
0.5.3 (f018bbab) doveconf: Fatal: Error in configuration file
/etc/dovecot/dovecot.conf line 98: No matches doveconf: Error:
managesieve-login: dump-capability process returned 89
doveconf: Fatal:
Error in configuration file /etc/dovecot/dovecot.conf line 98:
No
matches<br>
<br>
While line 98 of dovecot.conf is just "!include
conf.d/*.conf".<br>
<br>
Output of `doveconf -n`:<br>
<br>
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf # Pigeonhole
version
0.5.3 (f018bbab) doveconf: Fatal: Error in configuration file
/etc/dovecot/dovecot.conf line 98: No matches doveconf: Error:
managesieve-login: dump-capability process returned 89 # OS:
Linux
4.12.14-lp151.28.4-default x86_64 # Hostname: XXX doveconf:
Error:
t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink()
failed: No
such file or directory namespace inbox { .............
(Removed for
simplicity) } ssl = required ssl_cert =
</etc/postfix/ssl/certs/phys.cer ssl_options =
no_compression
ssl_prefer_server_ciphers = yes userdb { driver = passwd }<br>
<br>
It's strange that all the extra content (especially ssl conf)
only
occurs in conf.d/10-ssl.conf.<br>
<br>
To dig on what's happening underneath I ran `strace doveconf
-n
2>&1 |egrep "\.conf|conf\.d"` and got:<br>
<br>
write(1, "# 2.3.3 (dcead646b): /etc/doveco"..., 47# 2.3.3
(dcead646b):
/etc/dovecot/dovecot.conf openat(AT_FDCWD,
"/etc/dovecot/dovecot.conf",
O_RDONLY) = 7 wait4(-1, doveconf: Fatal: Error in
configuration file
/etc/dovecot/dovecot.conf line 98: No matches
open("/etc/dovecot/conf.d",
O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) =
8 openat(AT_FDCWD, "/etc/dovecot/conf.d/90-sieve.conf",
O_RDONLY) = 8
............. (Removed for simplicity) openat(AT_FDCWD,
"/etc/dovecot/conf.d/10-ssl.conf", O_RDONLY) = 20
openat(AT_FDCWD,
"/etc/dovecot/conf.d/10-auth.conf", O_RDONLY) = 25
stat("/etc/dovecot/conf.d/auth-system.conf.ext",
{st_mode=S_IFREG|0644,
st_size=2182, ...}) = 0 openat(AT_FDCWD,
"/etc/dovecot/conf.d/auth-system.conf.ext", O_RDONLY) = 26
stat("/etc/dovecot/local.conf", 0x7ffd94664760) = -1 ENOENT
(No such
file or directory) stat("/etc/resolv.conf",
{st_mode=S_IFREG|0644,
st_size=709, ...}) = 0 open("/etc/host.conf",
O_RDONLY|O_CLOEXEC) = 7
read(7, "#\n# /etc/host.conf - resolver co"..., 4096) = 370
open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 7 read(7, "###
/etc/resolv.conf is a symlin"..., 4096) = 709
readlink("/var/run/dovecot/dovecot.conf", 0x5555db302598, 128)
= -1
ENOENT (No such file or directory) write(2, "doveconf: Error:
t_readlink(/var"..., 112doveconf: Error:
t_readlink(/var/run/dovecot/dovecot.conf) failed: readlink()
failed: No
such file or directory<br>
<br>
It seems that files in conf.d is never read before doveconf's
complaint!
I have totally no idea why this happens. Any help?
</blockquote>
</div>
</div>
</body>
</html>