On Fri, 27 Feb 2009, Timo Sirainen wrote: > OK, so core dumps are enabled, but for some reason they > don't get written. There are really only two possibilities > then: > > a) You don't really have mail_drop_priv_before_exec=yes. > You could verify this with dovecot -n.
[r...@anubis etc]# /usr/local/sbin/dovecot -n | grep drop mail_drop_priv_before_exec: yes > b) Kernel doesn't want to write the core to /tmp/core or > before changing that it didn't want to write it to user's > home directory. [r...@anubis etc]# grep -i core /boot/config-2.6.18-92.1.22.el5 CONFIG_ELF_CORE=y # Core Netfilter Configuration CONFIG_MLX4_CORE=m CONFIG_SERIAL_CORE=y CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_I2C_OCORES is not set # CONFIG_I2C_DEBUG_CORE is not set CONFIG_PROC_KCORE=y CONFIG_PROC_VMCORE=y Is that informative? I would not be surprised if the kernel is buggy. It also indefinitely holds onto network connections in CLOSE_WAIT state, never times them out, and after some list research it seems there's no option to control that, could be wrong, but I gave up. > Your version of the patch looked ok, but why didn't the > warning get written to the log? If you didn't somehow > forget make install or something similar, the only reason > is then if mbox->mbox_privileged_locking=TRUE. But the > later code says that it's FALSE. > > Try adding one more thing before the return line: > > i_warning("privileged=%d", mbox->mbox_privileged_locking); I added that in mbox-storage.c. Looks like it didn't get that far. Yes, I did `make` and `make install` again, and watched it recompile mbox-storage.c. Just to verify, I did `make clean` and `./configure; make; make install` again. Nothing different. Feb 27 14:13:16 anubis dovecot: auth(default): client in: AUTH 1 PLAIN service=pop3 secured lip=127.0.0.1 rip=127.0.0.1 lport=110 rport=37310 resp=<hidden> Feb 27 14:13:16 anubis dovecot: auth(default): client out: OK 1 user=despam_test_anubis Feb 27 14:13:16 anubis dovecot: auth-worker(default): pam(despam_test_anubis,127.0.0.1): lookup service=dovecot Feb 27 14:13:16 anubis dovecot: auth-worker(default): pam(despam_test_anubis,127.0.0.1): #1/1 style=1 msg=Password: Feb 27 14:13:16 anubis dovecot: auth(default): master in: REQUEST 1 18328 1 Feb 27 14:13:16 anubis dovecot: auth(default): passwd(despam_test_anubis,127.0.0.1): lookup Feb 27 14:13:16 anubis dovecot: auth(default): master out: USER 1 despam_test_anubis system_user=despam_test_anubis uid=511 gid=100 home=/home/anubis/despam_test_anubis Feb 27 14:13:16 anubis dovecot: child 18346 (pop3) killed with signal 11 Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): Effective uid=511, gid=100 Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): mbox: data=~/mail:INBOX=/var/spool/mail/despam_test_anubis Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): fs: root=/home/anubis/despam_test_anubis/mail, index=, control=, inbox=/var/spool/mail/despam_test_anubis Feb 27 14:13:16 anubis dovecot: POP3(despam_test_anubis): file_dotlock_create(/var/spool/mail/despam_test_anubis) failed: Permission denied (euid=511(despam_test_anubis) egid=100(users) missing +w perm: /var/spool/mail) (under root dir /home/anubis/despam_test_anubis/mail -> no privileged locking) Feb 27 14:13:16 anubis dovecot: pop3-login: Login: user=<despam_test_anubis>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured Feb 27 14:13:17 anubis dovecot: auth(default): new auth connection: pid=18347 > Also are you using any plugins? Paste your dovecot -n output? I only compiled fresh 1.1.11 source and left it in /usr/local/. The yum/rpm version is under /usr and it is not running when I do these tests. A look at lsof shows it's using the right libs for dovecot stuff... hrmm but /lib/libselinux.so.1 is linked, I wonder if that is the problem behind core dumps and these permissions. Hrmm, I set the boot flag selinux=0 and rebooted, but I still get the same errors and see /lib/libselinux.so.1 in lsof. How do I tell if I've turned selinux off? [r...@anubis etc]# /usr/local/sbin/dovecot -n # 1.1.11: /usr/local/etc/dovecot.conf # OS: Linux 2.6.18-92.1.22.el5 i686 CentOS release 5.2 (Final) syslog_facility: local0 protocols: pop3 imap ssl_ca_file: /etc/mail/certs/ca.crt ssl_cert_file: /etc/mail/certs/thishost.crt ssl_key_file: /etc/mail/certs/thishost.key login_dir: /usr/local/var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login mail_privileged_group: mail mail_uid: 8 mail_gid: 12 mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u mail_debug: yes lock_method: dotlock mail_drop_priv_before_exec: yes mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 pop3_lock_session(default): no pop3_lock_session(imap): no pop3_lock_session(pop3): yes auth default: debug: yes passdb: driver: pam userdb: driver: passwd