Bill Oliver writes:

There's *one* user I can't get it to work on without a
workaround.  The user is "newuser" and the uid is 1111 (actual name and
number changed to protect the innocent).  The error I get in my maillog
is:

Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: 
chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not 
permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: 
mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: 
chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not 
permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: 
mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: 
chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not 
permitted (egid=1111(newuser), group based on /var/mail/newuser)
Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: 
mkdir(/home/newuser/mail/.imap/INBOX) failed: Operation not permitted

Now, it looks to me like dovecot is saying that the user newuser can't
get to the /home/newuser/mail/.imap directory because it doesn't have
permission.  However, the user newuser has all the permissions it needs:

$ ls -la /home/newuser/mail

total 20
drwxrw---- 3 newuser newuser 4096 Aug 29 15:01 .
drwxrw---- 6 newuser newuser 4096 Aug 29 12:16 ..
drwxrwx--- 2 newuser newuser 4096 Aug 29 16:05 .imap
-rw-rw---- 1 newuser newuser  499 Aug 13 07:56 saved-messages
-rw-rw---- 1 newuser newuser 1756 Aug 16 11:15 sent-mail

The output of doveconf -n would have been useful, especially as it
relates to your mail_location value, but I can make a pretty good guess
at what is happening.

Dovecot is trying to create indices with analogous permissions to your
mailbox files.  Your user's INBOX (/var/mail/newuser) has permission
user:group:mode = 1111:12:0660 *but* newuser is not in group "mail"
(GID 12), hence it cannot do the required chown operations.

(Notice the mode of .imap/: the group write is on so the chmod worked.)

Your INBOX ended up this way because some LDAs auto-create new INBOXes
with these permissions (to allow access to other parts of the mail system
that are set-gid "mail").  Options:

        1) chmod g-rwx /var/mail/newuser
                - assumes you have no other parts of your
                mail system that need access to all user
                INBOXes by assuming group "mail".
                - dovecot is smart enough to figure out
                group membership is irrelevant if group access
                is nil.

        2) chgrp newuser /var/mail/newuser

        3) To avoid future problems: make sure new mailboxes
                are created with workable permissions.

There are also dovecot configs that loosen up some group access, but
you'll have to investigate that yourself.

Joseph Tam <t...@math.ubc.ca>
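A small script that encodes the rule Joseph describes, added here as an example; it is not code from the thread or from Dovecot itself. It parses the chown error from the quoted log (the sample line is the wrapped log line joined back together, and the field layout is assumed from that line rather than taken from Dovecot's documentation), then applies the reply's reasoning: if the mailbox file grants its group no rights, the index directory's group is irrelevant; otherwise the IMAP process must be root or a member of the mailbox's group for the chown to succeed. `check_mailbox()` runs the same rule against a real mailbox as the current user.

```python
"""Reproduce the permission rule described in the reply above.

Dovecot (as the reply describes it) creates the .imap/ index directory
with ownership and mode analogous to the mailbox file it belongs to.  When
the mailbox grants its group any access, Dovecot chowns the index
directory to that group, and chown(2) to a group the caller is not a
member of fails with EPERM for non-root processes.
"""
import os
import re
import stat
from dataclasses import dataclass
from typing import Iterable, Optional

# Regex for the chown error line.  The field layout follows the log lines
# quoted in the thread; it is an assumption, not Dovecot's documented format.
CHOWN_ERR = re.compile(
    r"chown\((?P<path>[^,]+), -1, (?P<gid>\d+)\((?P<group>[^)]+)\)\) failed: "
    r"(?P<errno>[^(]+?) \(egid=(?P<egid>\d+)\((?P<user>[^)]+)\), "
    r"group based on (?P<mailbox>[^)]+)\)"
)

# Constructed sample: the wrapped log line from the thread joined into one line.
SAMPLE_LINE = (
    "Aug 29 16:02:11 localbox dovecot: imap(newuser): Error: "
    "chown(/home/newuser/mail/.imap/INBOX, -1, 12(mail)) failed: "
    "Operation not permitted (egid=1111(newuser), group based on /var/mail/newuser)"
)


@dataclass
class ChownError:
    index_path: str
    target_gid: int
    target_group: str
    egid: int
    user: str
    mailbox: str


def parse_chown_error(line: str) -> Optional[ChownError]:
    """Extract the target group and the process's egid from a chown error line."""
    m = CHOWN_ERR.search(line)
    if not m:
        return None
    return ChownError(
        index_path=m.group("path"),
        target_gid=int(m.group("gid")),
        target_group=m.group("group"),
        egid=int(m.group("egid")),
        user=m.group("user"),
        mailbox=m.group("mailbox"),
    )


@dataclass
class Diagnosis:
    ok: bool
    reason: str
    fix: str = ""


def diagnose(mailbox_gid: int, mailbox_mode: int, user_gids: Iterable[int],
             euid: int, mailbox: str = "<mailbox>") -> Diagnosis:
    """Decide whether the index-directory chown will succeed.

    mailbox_mode: permission bits (stat.S_IMODE) of the mailbox file.
    user_gids:    the groups the IMAP process runs with.
    euid:         the process's effective uid.
    """
    if mailbox_mode & stat.S_IRWXG == 0:
        # Option 1 in the reply: no group rights on the mailbox, so the
        # group of the index directory does not matter.
        return Diagnosis(True, "mailbox grants no group access; membership irrelevant")
    if euid == 0 or mailbox_gid in set(user_gids):
        return Diagnosis(True, f"process may chown to gid {mailbox_gid}")
    return Diagnosis(
        False,
        f"mailbox mode {mailbox_mode:04o} grants group {mailbox_gid} access, "
        f"but the process (euid {euid}) is not a member of that group",
        fix=f"chmod g-rwx {mailbox}  # or: chgrp <user's group> {mailbox}",
    )


def check_mailbox(path: str) -> Diagnosis:
    """Run the rule against a real mailbox file as the current user."""
    st = os.stat(path)
    gids = set(os.getgroups()) | {os.getegid()}
    return diagnose(st.st_gid, stat.S_IMODE(st.st_mode), gids, os.geteuid(), path)


if __name__ == "__main__":
    err = parse_chown_error(SAMPLE_LINE)
    # Supplementary groups are not in the log; the thread's point is that
    # newuser is *not* in group 12, so model it with only the primary group.
    print(diagnose(err.target_gid, 0o660, {err.egid}, err.egid, err.mailbox))
```

Run it against the sample line and it reports the failing case with the two fixes from the reply; run `check_mailbox("/var/mail/<user>")` as that user on a real box to see which case applies there.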
