Bug#471716: Debian Bug #471716: dovecot-common: Permission Denied Errors after converting to 'mail_privileged_group'

2008-05-28 Thread Fabio Tranchitella
* 2008-05-27 13:53, Timo Sirainen wrote:
> I fixed this in v1.1 a few days ago. Here's also for v1.0:
> http://hg.dovecot.org/dovecot-1.0/rev/932768a879c6

Thanks Timo, I'm uploading a new release of the Debian package with this
patch included.

Cheers,

-- 
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#471716: dovecot-common: Permission Denied Errors after converting to 'mail_privileged_group'

2008-03-19 Thread Logan Gunthorpe
Package: dovecot-common
Version: 1.0.rc15-2etch4
Severity: important


I began receiving the following log messages for numerous users after upgrading
to the most recent stable version of dovecot and changing the configuration
files to use mail_privileged_group instead of mail_extra_groups.

Mar 18 20:31:13 porter dovecot: POP3(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
Mar 18 20:51:46 porter dovecot: IMAP(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied

The errors seem to correspond to connections by a mail client; however, they do
not occur for every connection and I get this error for some users much more
than others.

The permissions I have set for the /var/mail directory and inbox files are:

drwxrwsr-x 2 root   mail 4096 2008-03-19 11:11 /var/mail
-rw-r- 1 logang mail 39860176 2008-03-18 22:31 /var/mail/logang

Also, note that these files are stored on an NFS mount and fcntl locking with
lockd is used. I briefly tried dotlock, but still got the error messages.

If I add the mail group to the mail_access_groups the problem appears to go
away. (I'm aware that due to the security concerns this is not an acceptable
permanent fix.)

Besides these errors, email clients still work fine, and I have not received
any complaints from users regarding any unusual behaviour with their mail.



-- System Information:
Debian Release: 4.0
  APT prefers deltatee
  APT policy: (500, 'deltatee'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.21.1deltatee
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_CA)

Versions of packages dovecot-common depends on:
ii  add 3.102Add and remove users and groups
ii  lib 2.3.6.ds1-13etch5GNU C Library: Shared libraries
ii  lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii  lib 1.4.4-7etch4 MIT Kerberos runtime libraries
ii  lib 2.1.30-13.3  OpenLDAP libraries
ii  lib 5.0.32-7etch5mysql database client library
ii  lib 0.79-5   Runtime support for the PAM librar
ii  lib 0.79-5   Pluggable Authentication Modules l
ii  lib 8.1.11-0etch1PostgreSQL C client library
ii  lib 3.3.8-1.1SQLite 3 shared library
ii  lib 0.9.8c-4etch1SSL shared libraries
ii  ope 0.9.8c-4etch1Secure Socket Layer (SSL) binary a
ii  zli 1:1.2.3-13   compression library - runtime

dovecot-common recommends no packages.

-- no debconf information






Bug#471716: dovecot-common: Permission Denied Errors after converting to 'mail_privileged_group'

2008-03-19 Thread Timo Sirainen
On Wed, 2008-03-19 at 11:45 -0600, Logan Gunthorpe wrote:

> Mar 18 20:31:13 porter dovecot: POP3(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
> Mar 18 20:51:46 porter dovecot: IMAP(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied

Do these files get deleted by something? Can your users access the
mailboxes directly? Some MUAs delete the whole mbox when all messages
have been deleted.

mail_privileged_group is used only while dotlocking, it's not used when
trying to create new mailboxes. Perhaps it should also be used for
creating INBOX..



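Added illustration, not part of the original thread and not Dovecot code: a small model of the POSIX permission check on the spool from the report, comparing a mail group that is enabled only around dotlock creation (the behaviour described above for mail_privileged_group) with one held permanently. `MAIL_GID`, the 0600 mbox mode and all function names are assumptions; uid 2190 and gid 100 are the values visible in the strace posted later in the thread.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1
MAIL_GID = 8  # assumption: numeric gid of "mail"; the thread does not show it

@dataclass(frozen=True)
class Node:
    uid: int
    gid: int
    mode: int

@dataclass(frozen=True)
class Creds:
    euid: int
    egid: int
    groups: frozenset = frozenset()

def allowed(node, creds, want):
    """POSIX check: exactly one class (owner, group, other) is consulted."""
    if creds.euid == node.uid:
        bits = node.mode >> 6
    elif node.gid == creds.egid or node.gid in creds.groups:
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & 7) & want == want

def spool_ops(spool, mbox, creds, privileged_gid=None):
    """Outcome per mbox operation; privileged_gid replaces the effective gid
    only while the dotlock is created, nowhere else."""
    lock = creds if privileged_gid is None else Creds(creds.euid, privileged_gid, creds.groups)
    return {
        "open_existing": allowed(spool, creds, X) and allowed(mbox, creds, R | W),
        "create_inbox": allowed(spool, creds, W | X),
        "create_dotlock": allowed(spool, lock, W | X),
    }

# Constructed sample: /var/mail is drwxrwsr-x root:mail as in the report.
# The mbox mode is truncated in the report, so 0600 is an assumption.
SPOOL = Node(uid=0, gid=MAIL_GID, mode=0o2775)
MBOX = Node(uid=2190, gid=MAIL_GID, mode=0o600)
USER = Creds(euid=2190, egid=100)

def compare():
    return {
        "no_group": spool_ops(SPOOL, MBOX, USER),
        "mail_privileged_group": spool_ops(SPOOL, MBOX, USER, privileged_gid=MAIL_GID),
        "permanent_mail_group": spool_ops(SPOOL, MBOX, Creds(2190, 100, frozenset({MAIL_GID}))),
    }

if __name__ == "__main__":
    for name, ops in compare().items():
        print(name, ops)
```

In this model only the permanent group lets the process create a new file in /var/mail outside the locking path, which is the exposure the temporary group is meant to avoid.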


Bug#471716: dovecot-common: Permission Denied Errors after converting to 'mail_privileged_group'

2008-03-19 Thread Fabio Tranchitella
Hello,

* 2008-03-19 18:54, Logan Gunthorpe wrote:
> Package: dovecot-common
> Version: 1.0.rc15-2etch4
> Severity: important
>
> I began receiving the following log messages for numerous users after
> upgrading to the most recent stable version of dovecot and changing the
> configuration files to use mail_privileged_group instead of
> mail_extra_groups.
>
> Mar 18 20:31:13 porter dovecot: POP3(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
> Mar 18 20:51:46 porter dovecot: IMAP(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied

The mail_privileged_group is used for writing the lock file, but it seems
that the problem lies somewhere else and this is why adding the mail group
to mail_privileged_group doesn't fix it.

I don't see any obvious reason why you get these messages. Do you use the
sieve plug-in? Also, can you strace some of the processes to understand
what is happening?

Thanks,

-- 
Fabio Tranchitella http://www.kobold.it
Free Software Developer and Consultant http://www.tranchitella.it
_
1024D/7F961564, fpr 5465 6E69 E559 6466 BF3D 9F01 2BF8 EE2B 7F96 1564




Bug#471716: dovecot-common: Permission Denied Errors after converting to 'mail_privileged_group'

2008-03-19 Thread Logan Gunthorpe


These files never get deleted. They should be simply opening the already
existing files.

It may be a good idea to use the mail_privileged_group for creating new
inboxes; however, I do not believe that is the problem here.




Timo Sirainen wrote:
> On Wed, 2008-03-19 at 11:45 -0600, Logan Gunthorpe wrote:
>> Mar 18 20:31:13 porter dovecot: POP3(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
>> Mar 18 20:51:46 porter dovecot: IMAP(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
>
> Do these files get deleted by something? Can your users access the
> mailboxes directly? Some MUAs delete the whole mbox when all messages
> have been deleted.
>
> mail_privileged_group is used only while dotlocking, it's not used when
> trying to create new mailboxes. Perhaps it should also be used for
> creating INBOX..




Bug#471716: dovecot-common: Permission Denied Errors after converting to 'mail_privileged_group'

2008-03-19 Thread Logan Gunthorpe

Hi,

I do not use the sieve plug-in.

I've attached the strace log of a single process with an error. I've
obfuscated the user's name with user.

Just for reference this log was created using the following commands (as
root):

strace -tf dovecot -F 2> ~/dovecot.strace
grep 'pid  6477' /root/dovecot.strace > dovecot.6477.strace

If you would like the full unedited dovecot.strace log I can send you 
that. However, it is 11MB and I'd prefer not to post the user 
information it contains on the public mailing list.


Also, this may be nothing, but when I ran the command above with sudo, 
(instead of su'ing) the problem did not seem to occur. I ran it for a 
good half hour with no errors, and when I switched to su I got a couple 
errors rather quickly. Although, that may have just been a coincidence.


Thanks,

Logan




Fabio Tranchitella wrote:
> Hello,
>
> * 2008-03-19 18:54, Logan Gunthorpe wrote:
>> Package: dovecot-common
>> Version: 1.0.rc15-2etch4
>> Severity: important
>>
>> I began receiving the following log messages for numerous users after
>> upgrading to the most recent stable version of dovecot and changing the
>> configuration files to use mail_privileged_group instead of
>> mail_extra_groups.
>>
>> Mar 18 20:31:13 porter dovecot: POP3(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
>> Mar 18 20:51:46 porter dovecot: IMAP(logang): open(/var/mail/logang, O_CREAT) failed: Permission denied
>
> The mail_privileged_group is used for writing the lock file, but it seems
> that the problem lies somewhere else and this is why adding the mail group
> to mail_privileged_group doesn't fix it.
>
> I don't see any obvious reason why you get these messages. Do you use the
> sieve plug-in? Also, can you strace some of the processes to understand
> what is happening?
>
> Thanks,

[pid  6477] 14:29:44 dup2(42, 0 unfinished ...
[pid  6477] 14:29:44 ... dup2 resumed ) = 0
[pid  6477] 14:29:44 dup2(42, 1 unfinished ...
[pid  6477] 14:29:44 ... dup2 resumed ) = 1
[pid  6477] 14:29:44 dup2(45, 2 unfinished ...
[pid  6477] 14:29:44 ... dup2 resumed ) = 2
[pid  6477] 14:29:44 fcntl64(0, F_GETFD unfinished ...
[pid  6477] 14:29:44 ... fcntl64 resumed ) = 0
[pid  6477] 14:29:44 fcntl64(0, F_SETFD, 0) = 0
[pid  6477] 14:29:44 fcntl64(1, F_GETFD) = 0
[pid  6477] 14:29:44 fcntl64(1, F_SETFD, 0) = 0
[pid  6477] 14:29:44 fcntl64(2, F_GETFD) = 0
[pid  6477] 14:29:44 fcntl64(2, F_SETFD, 0) = 0
[pid  6477] 14:29:44 setrlimit(RLIMIT_DATA, {rlim_cur=262144*1024, rlim_max=262144*1024}) = 0
[pid  6477] 14:29:44 setrlimit(RLIMIT_AS, {rlim_cur=262144*1024, rlim_max=262144*1024}) = 0
[pid  6477] 14:29:44 setresgid32(-1, 100, -1) = 0
[pid  6477] 14:29:44 setresuid32(-1, 2190, -1) = 0
[pid  6477] 14:29:44 chdir(/home/user) = 0
[pid  6477] 14:29:44 setresuid32(-1, 0, -1) = 0
[pid  6477] 14:29:44 umask(077) = 077
[pid  6477] 14:29:44 close(11)  = 0
[pid  6477] 14:29:44 execve(/usr/lib/dovecot/pop3, [pop3], [/* 37 vars */]) = 0
[pid  6477] 14:29:44 uname({sys=Linux, node=porter, ...}) = 0
[pid  6477] 14:29:44 brk(0) = 0x80c5000
[pid  6477] 14:29:44 fcntl64(0, F_GETFD) = 0
[pid  6477] 14:29:44 fcntl64(1, F_GETFD) = 0
[pid  6477] 14:29:44 fcntl64(2, F_GETFD) = 0
[pid  6477] 14:29:44 access(/etc/suid-debug, F_OK) = -1 ENOENT (No such file or directory)
[pid  6477] 14:29:44 access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
[pid  6477] 14:29:44 mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fc9000
[pid  6477] 14:29:44 access(/etc/ld.so.preload, R_OK) = -1 ENOENT (No such file or directory)
[pid  6477] 14:29:44 open(/etc/ld.so.cache, O_RDONLY) = 3
[pid  6477] 14:29:44 fstat64(3, {st_mode=S_IFREG|0644, st_size=25539, ...}) = 0
[pid  6477] 14:29:44 mmap2(NULL, 25539, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7fc2000
[pid  6477] 14:29:44 close(3)   = 0
[pid  6477] 14:29:44 access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
[pid  6477] 14:29:44 open(/lib/tls/libdl.so.2, O_RDONLY) = 3
[pid  6477] 14:29:44 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\f\0..., 512) = 512
[pid  6477] 14:29:44 fstat64(3, {st_mode=S_IFREG|0644, st_size=9592, ...}) = 0
[pid  6477] 14:29:44 mmap2(NULL, 12404, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7fbe000
[pid  6477] 14:29:44 mmap2(0xb7fc, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7fc
[pid  6477] 14:29:44 close(3)   = 0
[pid  6477] 14:29:44 access(/etc/ld.so.nohwcap, F_OK) = -1 ENOENT (No such file or directory)
[pid  6477] 14:29:44 open(/lib/tls/libc.so.6, O_RDONLY) = 3
[pid  6477] 14:29:44 read(3, \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240O\1..., 512) = 512
[pid  6477] 14:29:44 fstat64(3, {st_mode=S_IFREG|0644, st_size=1245488, ...}) = 0
[pid  6477] 14:29:44 mmap2(NULL, 1251484, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e8c000
[pid  6477] 14:29:44 mmap2(0xb7fb4000, 28672, PROT_READ|PROT_WRITE,