Hi,
On 31 Jul 2008 at 17:16, Tom Diehl wrote:

Date sent:      Thu, 31 Jul 2008 17:16:24 -0400 (EDT)
From:           Tom Diehl <[EMAIL PROTECTED]>
Subject:        Re: [Dovecot] Permission denied creating inbox file in /var/mail
To:             Steve Ochani <[EMAIL PROTECTED]>
Copies to:      dovecot@dovecot.org
Send reply to:  Dovecot Mailing List <dovecot@dovecot.org>

> On Thu, 31 Jul 2008, Steve Ochani wrote:
>
> > Hello all,
> >
> > I'm using dovecot version 1.07 on CentOS 5 (clone of RHEL 5).
> >
> > When there is no existing mbox file for a user in /var/mail I get the following error:
> >
> > ---------------
> > Jul 31 16:32:32 newnewton dovecot: imap-login: Login: user=<testm2>, method=PLAIN, rip=::ffff:127.0.0.1, lip=::ffff:127.0.0.1, secured
> > Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): open(/var/mail/testm2, O_CREAT) failed: Permission denied
> > Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): access() failed with mbox file /var/mail/testm2: No such file or directory
> > Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): stat() failed with mbox file /var/mail/testm2: No such file or directory
> > Jul 31 16:32:32 newnewton dovecot: IMAP(testm2): Connection closed
> > ----------------
> >
> > My permissions on /var/mail (which is a symlink to /var/spool/mail):
> >
> > drwxrwxr-x 2 root mail 4096 Jul 31 16:32 mail
> >
> > I have tried adding the mail group as mail_privileged_group, the output of dovecot -n:
> >
> > --------------------
> > # 1.0.7: /etc/dovecot.conf
> > login_dir: /var/run/dovecot/login
> > login_executable(default): /usr/libexec/dovecot/imap-login
> > login_executable(imap): /usr/libexec/dovecot/imap-login
> > login_executable(pop3): /usr/libexec/dovecot/pop3-login
> > mail_privileged_group: mail
> > mail_location: mbox:~/IMAPmail:INBOX=/var/mail/%u
> > mail_executable(default): /usr/libexec/dovecot/imap
> > mail_executable(imap): /usr/libexec/dovecot/imap
> > mail_executable(pop3): /usr/libexec/dovecot/pop3
> > mail_plugin_dir(default): /usr/lib/dovecot/imap
> > mail_plugin_dir(imap): /usr/lib/dovecot/imap
> > mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
> > auth default:
> >   passdb:
> >     driver: pam
> >   userdb:
> >     driver: passwd
> > --------------------
> >
> > Here is the permission on /etc/dovecot.conf
> >
> > -rw-r--r-- 1 root root 42833 Jul 31 15:30 /etc/dovecot.conf
> >
> > I've searched Google and the mailing list archive and tried the couple of things commonly
> > suggested.
> >
> > As a test I changed perms on /var/spool/mail to 777 and then dovecot made the inbox file.
> > The file ended up being owned by the user and the group owner was the group that the user
> > belongs to, not mail.
> >
> > When I create new users using useradd there is a 0 byte file created in /var/mail for the user
> > but I use scripts to create student accounts every semester (about 10,000) so I'm trying to
> > avoid having to add more things that the script will have to create.
> >
> > Any help is greatly appreciated.
>
> I am not sure if this is the right answer or not but how about
> "chmod 1777 /var/spool/mail"? I do this so that procmail can write to the
> mail spool.

Setting the sticky bit works but I'm not sure if I will use this solution because it creates a bit of a security problem.

1. Any user can start writing files in the dir now.
2. user1 can create a file as user2 and put fake mail in it.

I tested this and it works, I was also unable to delete the mail since the file is owned by user1. The file got fixed by sendmail when I sent mail to user2.

Thanks for your help.

I think dovecot should use the mail_privileged_group group to also be able to create files, this was mentioned a couple of times before in other posts.

-Steve O.
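
Added example (not part of the original message and not Dovecot code): a Python audit for the two issues raised above, a world-writable spool directory and mailbox files owned by someone other than the user they are named for. The function names and the default path /var/spool/mail are this example's assumptions.

```python
#!/usr/bin/env python3
"""Audit an mbox spool directory: directory mode and per-file ownership."""
import os
import pwd
import stat
import sys


def owner_name(uid):
    """Map a uid to a login name; fall back to the number if it has no passwd entry."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def audit_spool(spool):
    """Return (dir_report, mismatches); mismatches are (mailbox_name, actual_owner)."""
    mode = os.stat(spool).st_mode              # follows a /var/mail style symlink
    dir_report = {
        "world_writable": bool(mode & stat.S_IWOTH),
        "sticky": bool(mode & stat.S_ISVTX),
    }
    mismatches = []
    for entry in os.scandir(spool):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue                           # only plain mbox files are compared
        actual = owner_name(st.st_uid)
        if actual != entry.name:               # mailbox is named for a different user
            mismatches.append((entry.name, actual))
    return dir_report, sorted(mismatches)


if __name__ == "__main__":
    spool_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/spool/mail"  # assumed default
    report, bad = audit_spool(spool_dir)
    if report["world_writable"]:
        print(f"{spool_dir}: world-writable (sticky={report['sticky']}); "
              "any local user can create mailbox files here")
    for name, actual in bad:
        print(f"{spool_dir}/{name}: owned by {actual}, expected {name}")
    sys.exit(1 if bad or report["world_writable"] else 0)
```

Lock files or other non-mailbox files in the spool are reported as well, because their names match no owner.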