This happened to me too, on Gentoo. Seems there’s a regression when cyrus-imapd/cyrus-sasl is linked against db-4. For me it was simple, I just masked db-4 and linked them against db-5 or db-6 and it works just fine. But in your case of a binary distro, you prolly need to post a bug report on your distro bugzilla. I didn’t investigate further. Sorry. I just thought I would save you some time… it’s not in perms and/or config files.

> On 27 Nov 2022, at 09:29, [email protected] wrote:
>
> We have a server which, among other things, runs an email service for our
> company. This server runs RHEL 7.9, Cyrus and Sendmail.
>
> Now we are replacing the hardware of this server and I am configuring the new
> server with RHEL 9 and the correspondingly new versions of cyrus-imapd
> (3.4.1-7.el9), cyrus-sasl (2.1.27-20.el9) and sendmail (8.16.1-10-el9). I am
> not copying over configuration files but editing the new files to replicate
> the function of the production server.
>
> I have encountered difficulties with getting the Cyrus IMAP service working.
> There are a number of messages in /var/log/maillog which hint that Cyrus
> cannot access the SASL password database (/etc/sasl2/sasldb2) but I am very
> confused about this sequence of symptoms and cannot pose a coherent question
> to you.
>
> A simpler problem, which may turn out to be primary, is that I cannot create
> an IMAP mailbox for any user. My steps are:
>
> 1) "cyradm -u cyrus localhost"
> 2) Enter password for cyrus account (previously created with saslpasswd2 and
>    verified with sasldblistusers2)
> 3) "cm user/dale"
> 4) Output on terminal "createmailbox: System I/O error"
> 5) Output in /var/log/maillog
>
> Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL transitioning user cyrus
> Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL SASL error opening password file. Do you have write permissions?#012Have you performed the migration from db2 using cyrusbdb2current?
> Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL Could not open /etc/sasl2/sasldb2
> Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL setpass failed for cyrus
> Nov 24 14:24:05 localhost cyrus/imap[2989]: login: localhost [::1] cyrus LOGIN User logged in SESSIONID=<cyrus-1669328623-2989-1-18343421046283723159>
> Nov 24 14:25:38 localhost cyrus/imap[2989]: IOERROR: creating directory /home/imap/d: Permission denied
> Nov 24 14:25:38 localhost cyrus/imap[2989]: IOERROR: mkdir failed: fname=</home/imap/d/user/dale/cyrus.index> syserror=<Permission denied> func=<mailbox_create>
>
> There seem to be two problems here, a failure to access the SASL database
> and a failure to create the mailbox caused by "Permission denied". In other
> tests I changed the permission on /home/imap to allow anyone to write but
> still I get "Permission denied". I have also changed the permission on
> /etc/sasl2/sasldb2 to allow anyone to read. In either test the failure
> persists.
>
> I have done a lot of searching the Red Hat Knowledge as well as general
> Google searches. I have found some sites where people are asking about these
> particular log entries, but I have not seen one with a useful response.
> Generally there is simply no reply.
>
> Below I have "sasl_pwcheck_method: saslauthd". I have also tried "auxprop"
> but authentication continued to fail.
>
> Your help would be appreciated.
>
> Both the Cyrus and SASL daemons are running.
>
> The status of /home/imap is
> [root@localhost etc]# ls -ld /home/imap
> drwx------. 2 cyrus mail 6 Nov 24 00:42 /home/imap
> [root@localhost etc]# ls -l /home/imap
> total 0
>
> The status of /etc/sasl2
> [root@localhost etc]# ls -ld /etc/sasl2/
> drwxr-xr-x. 2 root root 42 Nov 22 00:40 /etc/sasl2/
> [root@localhost etc]# ls -l /etc/sasl2/
> total 20
> -rw-------. 1 root root 16384 Nov 19 00:02 sasldb2
> -rw-r--r--. 1 root root 25 Aug 10 2021 Sendmail.conf
>
> Contents of /etc/imapd.conf
> admins: cyrus
> unixhierarchysep: on
> configdirectory: /var/lib/imap
> proc_path: /run/cyrus/proc
> mboxname_lockpath: /run/cyrus/lock
> duplicate_db_path: /run/cyrus/db/deliver.db
> ptscache_db_path: /run/cyrus/db/ptscache.db
> statuscache_db_path: /run/cyrus/db/statuscache.db
> tls_sessions_db_path: /run/cyrus/db/tls_sessions.db
> defaultpartition: default
> partition-default: /home/imap
> sievedir: /var/lib/imap/sieve
> lmtpsocket: /run/cyrus/socket/lmtp
> idlesocket: /run/cyrus/socket/idle
> notifysocket: /run/cyrus/socket/notify
> syslog_prefix: cyrus
> httpmodules: caldav carddav domainkey freebusy ischedule rss webdav
> hashimapspool: true
> virtdomains: userid
> popminpoll: 1
> conversations: 1
> conversations_db: twoskip
> specialusealways: 1
> allowplaintext: yes
> sasl_pwcheck_method: saslauthd
> sasl_auto_transition: yes
> tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_client_ca_file: /etc/ssl/certs/ca-bundle.crt
> tls_client_ca_dir: /etc/ssl/certs
> tls_sessiontimeout: 1440
>
> Contents of /etc/cyrus.conf
> # standard standalone server implementation, with preforked processes
>
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
> }
>
> # UNIX sockets start with a slash and are put into /run/cyrus/socket
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   # pop3 cmd="pop3d" listen="pop3" prefork=3
>   # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   sieve cmd="timsieved" listen="sieve" prefork=0
>
>   # these are only necessary if receiving/exporting usenet via NNTP
>   # nntp cmd="nntpd" listen="nntp" prefork=3
>   # nntps cmd="nntpd -s" listen="nntps" prefork=1
>   # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
>   # http cmd="httpd" listen="http" prefork=3
>   # https cmd="httpd -s" listen="https" prefork=1
>   # at least one LMTP is required for delivery
>   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1
>
>   # this is requied if using socketmap
>   # smmap cmd="smmapd" listen="/run/cyrus/socket/smmap" prefork=1
>   # this is only necessary if using notifications
>   # notify cmd="notifyd" listen="/run/cyrus/socket/notify" proto="udp" prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>
>   # Expire data older than 28 days.
>   deleteprune cmd="cyr_expire -E 4 -D 28" at=0430
>   expungeprune cmd="cyr_expire -E 4 -X 28" at=0445
>
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
>
> DAEMON {
>   # this is only necessary if using idled for IMAP IDLE
>   idled cmd="idled"
> }
>
> Cyrus <https://cyrus.topicbox.com/latest> / SASL / see discussions
> <https://cyrus.topicbox.com/groups/sasl> + participants
> <https://cyrus.topicbox.com/groups/sasl/members> + delivery options
> <https://cyrus.topicbox.com/groups/sasl/subscription>
> Permalink
> <https://cyrus.topicbox.com/groups/sasl/Tc234f166b512980e-M53c72887be7b931cd2cd3319>

------------------------------------------
Cyrus: SASL
Permalink: https://cyrus.topicbox.com/groups/sasl/Tc234f166b512980e-Mcabc830c7b8e2576e4fc74e2
Delivery options: https://cyrus.topicbox.com/groups/sasl/subscription
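
Added example, not part of either message above: a small triage script that sorts the quoted maillog records into SASL-side failures and filesystem-side failures, and notes whether a successful login sits between them. The sample text is the log excerpt from the quoted post with the mail wrapping undone; the function names are hypothetical.

```python
import re

# Constructed sample: the maillog records quoted in the post, with the mail
# client's line wrapping undone so each syslog record sits on one line.
SAMPLE_LOG = """\
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL transitioning user cyrus
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL SASL error opening password file. Do you have write permissions?#012Have you performed the migration from db2 using cyrusbdb2current?
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL Could not open /etc/sasl2/sasldb2
Nov 24 14:24:05 localhost cyrus/imap[2989]: SASL setpass failed for cyrus
Nov 24 14:24:05 localhost cyrus/imap[2989]: login: localhost [::1] cyrus LOGIN User logged in SESSIONID=<cyrus-1669328623-2989-1-18343421046283723159>
Nov 24 14:25:38 localhost cyrus/imap[2989]: IOERROR: creating directory /home/imap/d: Permission denied
Nov 24 14:25:38 localhost cyrus/imap[2989]: IOERROR: mkdir failed: fname=</home/imap/d/user/dale/cyrus.index> syserror=<Permission denied> func=<mailbox_create>
"""

RECORD = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ [\w/]+\[(\d+)\]: (.*)$")
FIELD = re.compile(r"(\w+)=<([^>]*)>")  # fname=<...> syserror=<...> func=<...>
MKDIR = re.compile(r"IOERROR: creating directory (\S+): (.+)$")

def unescape(msg):
    # rsyslog writes control characters as #ooo (octal); #012 is a newline.
    return re.sub(r"#([0-7]{3})", lambda m: chr(int(m.group(1), 8)), msg)

def triage(log_text):
    """Separate SASL-side failures from filesystem-side failures."""
    out = {"login_ok": False, "sasl": [], "io": []}
    for line in log_text.splitlines():
        rec = RECORD.match(line)
        if not rec:
            continue
        when, pid, msg = rec.group(1), int(rec.group(2)), unescape(rec.group(3))
        if msg.startswith("login:") and "User logged in" in msg:
            out["login_ok"] = True
        elif msg.startswith("SASL ") and re.search(r"error|Could not open|failed", msg):
            path = re.search(r"Could not open (\S+)", msg)
            out["sasl"].append({"time": when, "pid": pid,
                                "path": path.group(1) if path else None,
                                "text": msg[5:].splitlines()[0]})
        elif msg.startswith("IOERROR:"):
            mk = MKDIR.match(msg)
            fields = ({"fname": mk.group(1), "syserror": mk.group(2)}
                      if mk else dict(FIELD.findall(msg)))
            out["io"].append({"time": when, "pid": pid, **fields})
    return out

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("login succeeded:", result["login_ok"])
    for kind in ("sasl", "io"):
        print(kind, result[kind])
```

On the sample, the three SASL records all precede a successful LOGIN from the same process, and the two IOERROR records name paths under /home/imap, so the two groups can be chased separately.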
