Re: [Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Frank Cusack

On November 29, 2009 9:31:22 PM -0500 Timo Sirainen wrote:
> On Nov 29, 2009, at 1:24 PM, Frank Cusack wrote:
>
>> dovecot-1.2.8 creates /var/run/dovecot mode 750.
>
> No, it creates it with mode 0755. Did you compile from sources? Are you
> sure it's 0750 if you rm -rf the directory and start "dovecot" binary
> directly (instead of e.g. some init script creating it)?


You're right, thank you.  I am using 1.2.8 from source but my init
script still has the directory creation itself as well ... which sets
the wrong mode.

-frank


Re: [Dovecot] Can't start dovecot from heartbeat

2009-11-29 Thread Timo Sirainen
On Nov 29, 2009, at 7:13 AM, John Gray wrote:

> I get the following error:
> 
> Fatal: epoll_create(): Too many open files (you may need to increase
> /proc/sys/fs/epoll/max_user_instances)
> 
> Works fine if I start it by hand, I'm guessing it has to do with the
> environment heart starts it in?

That happens immediately at startup? Yeah, there's something not set up 
correctly.

> My first thought was to do exactly what the message suggests, but my
> kernel doesn't appear to define max_user_instances, but there is a
> max_user_watches.

What Linux kernel version? Looks like the whole /proc/sys/fs/epoll/ doesn't 
exist in latest CentOS (2.6.18 kernel), even though epoll_create man page 
refers to it..

Anyway, I can't really help much. What heartbeat are you talking about? 
linux-ha.org's? Maybe they have some mailing list and can answer this.



Re: [Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Timo Sirainen
On Nov 29, 2009, at 1:24 PM, Frank Cusack wrote:

> dovecot-1.2.8 creates /var/run/dovecot mode 750.

No, it creates it with mode 0755. Did you compile from sources? Are you sure 
it's 0750 if you rm -rf the directory and start "dovecot" binary directly 
(instead of e.g. some init script creating it)?



Re: [Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Frank Cusack
On November 29, 2009 8:40:13 PM +0100 Thomas Leuxner wrote:
> On 29.11.2009 at 20:31, Frank Cusack wrote:
>
>> dovecot-1.2.8 creates /var/run/dovecot mode 750.
>>
>> I run postfix+dovecot in a virtual user setup.  Postfix calls deliver
>> as user vmail group vmail.
>>
>> Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error]
>> deliver(frank): userdb lookup: connect(/var/run/dovecot/auth-master)
>> failed: Permission denied (euid=500(vmail) egid=500(vmail) missing +x
>> perm: /var/run/dovecot)
>
> So it can't access that directory as it states. It would create that
> structure upon start to my knowledge. Mine is
>
> [20:38] root spectre:/# l -d /var/run/dovecot
> drwxr-xr-x 3 root root 4096 2009-11-25 13:20 /var/run/dovecot
>
> What is yours?


Mine is, as I noted in the very first line of my email, mode 750.
I normally would have removed all of the quoted lines above but
I left it so you can see back to the first line.

You are probably missing the information that this is new in
dovecot-1.2.8.  Prior to that, dovecot created /var/run/dovecot
mode 777, which was a security hole.

I wasn't looking for a fix, I was reporting a problem.  It only affects
systems where /var/run is on tmpfs and so dovecot has to create
/var/run/dovecot the first time it runs after a reboot.

Thanks for the look, though.

-frank


Re: [Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Thomas Leuxner

On 29.11.2009 at 20:31, Frank Cusack wrote:
>>> dovecot-1.2.8 creates /var/run/dovecot mode 750.
>>> 
>>> I run postfix+dovecot in a virtual user setup.  Postfix calls deliver
>>> as user vmail group vmail.
>>> 
>>> Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error]
>>> deliver(frank): userdb lookup: connect(/var/run/dovecot/auth-master)
>>> failed: Permission denied (euid=500(vmail) egid=500(vmail) missing +x
>>> perm: /var/run/dovecot)

So it can't access that directory as it states. It would create that structure 
upon start to my knowledge. Mine is

[20:38] root spectre:/# l -d /var/run/dovecot
drwxr-xr-x 3 root root 4096 2009-11-25 13:20 /var/run/dovecot

What is yours?

Regards
Thomas




Re: [Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Frank Cusack
On November 29, 2009 8:11:28 PM +0100 Thomas Leuxner wrote:
> On 29.11.2009 at 19:24, Frank Cusack wrote:
>
>> dovecot-1.2.8 creates /var/run/dovecot mode 750.
>>
>> I run postfix+dovecot in a virtual user setup.  Postfix calls deliver
>> as user vmail group vmail.
>>
>> Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error]
>> deliver(frank): userdb lookup: connect(/var/run/dovecot/auth-master)
>> failed: Permission denied (euid=500(vmail) egid=500(vmail) missing +x
>> perm: /var/run/dovecot)
>>
>> I will say this: dovecot's error reporting in general is head and
>> shoulders above the norm.  Makes tracking down problems sooo much easier.
>>
>> Something else I noticed, should the dict-server socket really be mode
>> 777? At least a-x I would think.
>>
>> -frank
>
> Probably easier to tell if you would post your setup, but I guess this
> fixes it:
>
>   socket listen {
>     master {
>       path = /var/run/dovecot/auth-master
>       mode = 0600
>       user = vmail
>       group = vmail
>     }
>   }


No, as that only affects the socket itself.  If you look at the error
message and my email you see that the problem is in the parent directory.

I do have user=vmail on the socket.  I didn't set group=vmail but with
mode 0600 that doesn't matter.

-frank
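
Added example, not part of the thread and not Dovecot code: the error above names the parent directory because connect() needs search (+x) permission on every directory leading to the socket, whatever the socket's own mode is. The sketch below walks the path and reports the first directory that denies search to a given uid/gid. The function names are hypothetical; it assumes GNU stat, no ACLs, and only the primary gid.

```sh
#!/bin/sh
# Added example: locate the directory that blocks access to a UNIX socket
# for a given uid/gid, judging by mode bits only (GNU stat, no ACLs,
# supplementary groups ignored: assumptions of this sketch).

# dir_allows_search DIR UID GID -> exit 0 if UID/GID may traverse DIR
dir_allows_search() {
    info=$(stat -c '%a %u %g' "$1") || return 2   # missing dir counts as blocked
    mode=${info%% *}; rest=${info#* }
    owner=${rest% *}; group=${rest#* }
    perms=$((0$mode))                  # %a prints octal, e.g. 750 -> 0750
    [ "$2" -eq 0 ] && return 0         # root bypasses directory search checks
    # Exactly one permission class applies: owner, else group, else other.
    if [ "$2" -eq "$owner" ]; then bit=$((perms & 0100))
    elif [ "$3" -eq "$group" ]; then bit=$((perms & 0010))
    else bit=$((perms & 0001))
    fi
    [ "$bit" -ne 0 ]
}

# first_blocked_dir SOCKET_PATH UID GID
# Prints the first directory (from the top of the path down) that denies
# search and returns 1; prints nothing and returns 0 if all allow it.
first_blocked_dir() {
    uid=$2 gid=$3 cur=
    old_ifs=$IFS; IFS=/
    for part in $(dirname -- "$1"); do     # split the directory part on "/"
        cur=${cur}${part}/                 # empty first field yields "/"
        if ! dir_allows_search "$cur" "$uid" "$gid"; then
            IFS=$old_ifs
            [ "$cur" = / ] || cur=${cur%/}
            printf '%s\n' "$cur"
            return 1
        fi
    done
    IFS=$old_ifs
}

# Stand-alone use: script.sh /var/run/dovecot/auth-master 500 500
if [ "$#" -ge 3 ]; then first_blocked_dir "$1" "$2" "$3"; fi
```

With the values from the log line (uid 500, gid 500) and a root-owned directory at mode 750, this prints /var/run/dovecot; at mode 755 it prints nothing.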


Re: [Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Thomas Leuxner

On 29.11.2009 at 19:24, Frank Cusack wrote:

> dovecot-1.2.8 creates /var/run/dovecot mode 750.
> 
> I run postfix+dovecot in a virtual user setup.  Postfix calls deliver
> as user vmail group vmail.
> 
> Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error] deliver(frank): 
> userdb lookup: connect(/var/run/dovecot/auth-master) failed: Permission 
> denied (euid=500(vmail) egid=500(vmail) missing +x perm: /var/run/dovecot)
> 
> I will say this: dovecot's error reporting in general is head and shoulders
> above the norm.  Makes tracking down problems sooo much easier.
> 
> Something else I noticed, should the dict-server socket really be mode 777?
> At least a-x I would think.
> 
> -frank

Probably easier to tell if you would post your setup, but I guess this fixes it:

  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0600
      user = vmail
      group = vmail
    }
  }

Regards
Thomas

Re: [Dovecot] Vacation message with Sieve

2009-11-29 Thread Frank Cusack
On November 24, 2009 11:44:52 AM +0800 Patrick Nagel wrote:

> set 'days' to 1, there was an outcry by other project managers that the
> contacts would probably not read the auto reply on the first time, or
> forget about it immediately, and then send more mails during the day. I
> had a lengthy discussion involving me questioning those contacts'
> intellect, but in the end I had to give in to a strong opposition
> against "only one auto reply per day".


Sometimes the correct solution in a case like that is to agree and
then do nothing.  They will never notice.

-frank


[Dovecot] /var/run/dovecot mode 750 too tight

2009-11-29 Thread Frank Cusack

dovecot-1.2.8 creates /var/run/dovecot mode 750.

I run postfix+dovecot in a virtual user setup.  Postfix calls deliver
as user vmail group vmail.

Nov 29 12:53:04 imap.invalid dovecot: [ID 583609 mail.error] 
deliver(frank): userdb lookup: connect(/var/run/dovecot/auth-master) 
failed: Permission denied (euid=500(vmail) egid=500(vmail) missing +x perm: 
/var/run/dovecot)


I will say this: dovecot's error reporting in general is head and shoulders
above the norm.  Makes tracking down problems sooo much easier.

Something else I noticed, should the dict-server socket really be mode 777?
At least a-x I would think.

-frank


Re: [Dovecot] Vacation message with Sieve

2009-11-29 Thread Frank Cusack
On November 24, 2009 11:44:52 AM +0800 Patrick Nagel wrote:

> Someone will probably ask why an auto reply to the same person more than
> once a day might be necessary.


In my case I want an autoresponder for a shared email account.  info@

"Your message has been received, thank you blah blah".

Easy enough for me to patch the sieve code which is likely what I'll do.

-frank


[Dovecot] Can't start dovecot from heartbeat

2009-11-29 Thread John Gray
I get the following error:

Fatal: epoll_create(): Too many open files (you may need to increase
/proc/sys/fs/epoll/max_user_instances)

Works fine if I start it by hand, I'm guessing it has to do with the
environment heart starts it in?

My first thought was to do exactly what the message suggests, but my
kernel doesn't appear to define max_user_instances, but there is a
max_user_watches.

I'm running 1.2.8, by the way.  But I had a similar problem with earlier
version too.

John