Re: [Dovecot] Permissions problems
wrote:

> Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot.index.log.newlock, /mpool/mail/mark/dovecot.index.log) failed: Permission denied
> ...
> This is what the directory currently looks like:
>
> mark@proliant-1:~$ ls -la /mpool/mail
> total 6
> drwxrwxrwx+ 3 root root 3 2013-11-24 17:17 .
> drwxr-xr-x+ 5 root root 5 2013-11-24 13:50 ..
> drwxrwxrwx+ 5 mark staff 9 2013-11-24 22:20 mark

I think the "+" is the problem: you have, in the words of the manpage for ls,

    ... this character is a plus sign (+) character if a non-trivial ACL is associated with the file ...

Try

    ls -alv /mpool/mail

I don't use ACLs, so I can help you how to modify them.

Joseph Tam
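The check described in the reply above, as an added example that is not part of the original thread: a small shell function that reads `ls -la` output and reports, per entry, whether the mode string ends in the "+" ACL marker and whether the entry is world-writable. The function names are made up for this example, the first four listing lines are taken from the thread, and the last one is constructed for contrast.

```shell
#!/bin/sh
# Added example (not from the thread): audit `ls -la` output for the "+"
# ACL marker and for world-writable mode bits.

# Sample input. Lines 2-5 are from the listing quoted in the thread;
# "example-no-acl" is a constructed entry with no ACL and mode 0700.
sample_listing() {
cat <<'EOF'
total 14
drwxrwxrwx+ 5 mark staff 9 2013-11-24 22:20 .
drwxrwxrwx+ 2 mark staff 2 2013-11-24 17:17 cur
-rwxrwxrwx+ 1 mark staff 51 2013-11-24 22:20 dovecot-uidlist.tmp
-rwxrwxrwx+ 1 mark staff 40 2013-11-24 22:20 dovecot.index.log.newlock
drwx------ 2 mark staff 2 2013-11-24 17:17 example-no-acl
EOF
}

# audit_listing: reads `ls -la` output on stdin and prints one line per entry:
#   <name> owner=<owner> acl=<yes|no> world_writable=<yes|no>
# Assumes the 8-column layout shown in the thread and names without spaces.
audit_listing() {
  awk '
    NF >= 8 && $1 ~ /^[-dlbcps]/ {
      mode = $1
      # A trailing "+" means a non-trivial ACL is attached to the entry.
      acl = (mode ~ /\+$/) ? "yes" : "no"
      # Character 9 of the mode string is the "other" write bit.
      ww = (substr(mode, 9, 1) == "w") ? "yes" : "no"
      printf "%s owner=%s acl=%s world_writable=%s\n", $NF, $3, acl, ww
    }'
}

# Run against the embedded sample when executed directly.
sample_listing | audit_listing
```

On a live system the input would be `ls -la /mpool/mail/mark | audit_listing`; entries reported with acl=yes are the ones to inspect with the `ls -alv` command suggested in the reply.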
Re: [Dovecot] Permissions problems
> That's a filesystem problem.

I figured as much.

> The users do have distinct home directories (from passwd) separated from the mail location?

Yeah, in this case /home/mark is the home folder. If necessary I can remove the mail_location directive and test using the user's home dir and see if that fails (also on ZFS but in the root storage pool).

> is it possible that two Dovecot instances
> try to access the same storage? Or is
> there some hardening (SELinux/AppArmor)
> in action?

The dovecot mail system is running on OpenSolaris (OpenIndiana to be precise) and uses Solaris's Service Management (smf) to stop and start. I am relatively sure SMF won't let 2 instances run at once.

> Or are there some special ACLs in ZFS that
> prevent that rename() operation on file
> system level? Does the user mark have the
> permission at all?

Not certain. I don't think so and I certainly didn't enable anything along those lines but this is my first deployment on Solaris so I'm a little out of my depth. I'm used to Debian Linux.

--
Mark
Re: [Dovecot] Permissions problems
On Wed, 27 Nov 2013, Google wrote:

> Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot.index.log.newlock, /mpool/mail/mark/dovecot.index.log) failed: Permission denied

That's a filesystem problem.

> The output from doveconf -n (this is changes from the default settings I think?) is:
>
> root@proliant-1:~# doveconf -n
> # 2.0.20: /etc/opt/csw/dovecot/dovecot.conf
> # OS: SunOS 5.11 i86pc zfs
> auth_first_valid_uid = 101
> disable_plaintext_auth = no
> first_valid_uid = 101
> mail_location = maildir:/mpool/mail/%u
> passdb {
>   driver = pam
> }
> ssl_cert =

The users do have distinct home directories (from passwd) separated from the mail location?

> Is this still a ‘safe’ way to do things or would I be better off relocating each user’s ‘home’ directory to the pool somehow?
>
> This is what the directory currently looks like:
>
> mark@proliant-1:~$ ls -la /mpool/mail
> total 6
> drwxrwxrwx+ 3 root root 3 2013-11-24 17:17 .
> drwxr-xr-x+ 5 root root 5 2013-11-24 13:50 ..
> drwxrwxrwx+ 5 mark staff 9 2013-11-24 22:20 mark
> mark@proliant-1:~$ ls -la /mpool/mail/mark/
> total 14
> drwxrwxrwx+ 5 mark staff 9 2013-11-24 22:20 .
> drwxrwxrwx+ 3 root root 3 2013-11-24 17:17 ..
> drwxrwxrwx+ 2 mark staff 2 2013-11-24 17:17 cur
> -rwxrwxrwx+ 1 mark staff 51 2013-11-24 22:20 dovecot-uidlist.tmp
> -rwxrwxrwx+ 1 mark staff 8 2013-11-24 22:20 dovecot-uidvalidity
> -rwxrwxrwx+ 1 mark staff 0 2013-11-24 17:17 dovecot-uidvalidity.529234ad
> -rwxrwxrwx+ 1 mark staff 40 2013-11-24 22:20 dovecot.index.log.newlock
> drwxrwxrwx+ 2 mark staff 2 2013-11-24 17:17 new
> drwxrwxrwx+ 2 mark staff 3 2013-11-24 17:21 tmp
>
> Any ideas?

is it possible that two Dovecot instances try to access the same storage? Or is there some hardening (SELinux/AppArmor) in action?

Or are there some special ACLs in ZFS that prevent that rename() operation on file system level? Does the user mark have the permission at all?

-- Steffen Kaiser
[Dovecot] Permissions problems
Hi,

I have dovecot 2.0.20 running (it's an old version, I know, it came from the stable archive at OpenCSW) with Solaris SMF integration working fine. It enables and disables okay. However, I can't connect to it, it is allowing the connection, but spewing on permissions:

Nov 24 17:34:20 proliant-1 dovecot: [ID 583609 mail.info] master: Dovecot v2.0.20 starting up
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login: user=, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18816
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login: user=, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18818
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login: user=, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18820
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap(mark): Connection closed bytes=17/340
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.info] imap-login: Login: user=, method=PLAIN, rip=192.168.1.69, lip=192.168.1.72, mpid=18822
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot.index.log.newlock, /mpool/mail/mark/dovecot.index.log) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: rename(/mpool/mail/mark/dovecot-uidlist.tmp, /mpool/mail/mark/dovecot-uidlist) failed: Permission denied
Nov 24 17:34:27 proliant-1 dovecot: [ID 583609 mail.error] imap(mark): Error: unlink(/mpool/mail/mark/dovecot-uidlist.tmp) failed: Permission denied

If I actually try to copy mail to the inbox of the account it core-dumps and dies, and the SMF service drops into maintenance mode which requires re-enabling.

The output from doveconf -n (this is changes from the default settings I think?) is:

root@proliant-1:~# doveconf -n
# 2.0.20: /etc/opt/csw/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc zfs
auth_first_valid_uid = 101
disable_plaintext_auth = no
first_valid_uid = 101
mail_location = maildir:/mpool/mail/%u
passdb {
  driver = pam
}
ssl_cert =

http://DECtec.info
Twitter: @DECtecInfo
HECnet: STAR69::MARK
Online Resource & Mailing List for DEC Enthusiasts.