Re: [Dovecot] pop3 gives a permission denied error on chdir
On Tuesday 26 May 2009 13:33:24 Max Ivanov wrote: > > If strace says chdir() failed with EACCES, the only way it could be > > something else is if kernel is buggy or there is some kernel security > > module preventing the access. > > Or dovecot doesn't change uid to user one and still acts as dovecot > user, but its unlikely to be true . solved - I had to reboot the server because postgresl was acting funny in another application - after the restart, it worked perfectly. Only I lost my 59 days uptime. Sorry to trouble you guys, but this is the first time in my life that I have solved a problem in a linux box by rebooting. -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
> If strace says chdir() failed with EACCES, the only way it could be > something else is if kernel is buggy or there is some kernel security > module preventing the access. Or dovecot doesn't change uid to user one and still acts as dovecot user, but its unlikely to be true
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Tue, 2009-05-26 at 11:24 +0530, Kenneth Gonsalves wrote: > > I can't really give any more suggestions. It should either be a > > directory permission problem somewhere or SELinux or something. You > > could maybe temporarily try installing v1.2 and see what it logs as > > the error. It should tell what exactly is missing. > > SELinux is not installed, and since dovecot is able to write to the concerned > directory when delivering mail, Mail delivery path is completely different. There it's your MTA that sets up the permissions before calling deliver. > I do not think it is a permission problem. I > think the error message is somehow wrong - I will install v1.2 and try again. If strace says chdir() failed with EACCES, the only way it could be something else is if kernel is buggy or there is some kernel security module preventing the access. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Monday 25 May 2009 23:00:46 Timo Sirainen wrote:
> >> were you able to detect anything? I am still stuck with the problem.
> >
> > Well, strace says what Dovecot also says:
> >
> > 5598 chdir("/home/vmail/example.com/john") = -1 EACCES (Permission
> > denied)
>
> I can't really give any more suggestions. It should either be a
> directory permission problem somewhere or SELinux or something. You
> could maybe temporarily try installing v1.2 and see what it logs as
> the error. It should tell what exactly is missing.
SELinux is not installed, and since dovecot is able to write to the concerned
directory when delivering mail, I do not think it is a permission problem. I
think the error message is somehow wrong - I will install v1.2 and try again.
--
regards
Kenneth Gonsalves
Associate
NRC-FOSS
http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On May 25, 2009, at 1:28 PM, Timo Sirainen wrote:
On May 25, 2009, at 7:16 AM, Kenneth Gonsalves wrote:
On Thursday 21 May 2009 12:51:11 Kenneth Gonsalves wrote:
On Thursday 21 May 2009 12:40:00 you wrote:
exec "strace -f -o /tmp/access.log -etrace=file -p
"
then try to access pop3 when fail occurs send us /tmp/access.log
(gzipped)
attached
were you able to detect anything? I am still stuck with the problem.
Well, strace says what Dovecot also says:
5598 chdir("/home/vmail/example.com/john") = -1 EACCES (Permission
denied)
I can't really give any more suggestions. It should either be a
directory permission problem somewhere or SELinux or something. You
could maybe temporarily try installing v1.2 and see what it logs as
the error. It should tell what exactly is missing.
Re: [Dovecot] pop3 gives a permission denied error on chdir
On May 25, 2009, at 7:16 AM, Kenneth Gonsalves wrote:
On Thursday 21 May 2009 12:51:11 Kenneth Gonsalves wrote:
On Thursday 21 May 2009 12:40:00 you wrote:
exec "strace -f -o /tmp/access.log -etrace=file -p "
then try to access pop3 when fail occurs send us /tmp/access.log
(gzipped)
attached
were you able to detect anything? I am still stuck with the problem.
Well, strace says what Dovecot also says:
5598 chdir("/home/vmail/example.com/john") = -1 EACCES (Permission
denied)
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Thursday 21 May 2009 12:51:11 Kenneth Gonsalves wrote: > On Thursday 21 May 2009 12:40:00 you wrote: > > exec "strace -f -o /tmp/access.log -etrace=file -p " > > then try to access pop3 when fail occurs send us /tmp/access.log > > (gzipped) > > attached were you able to detect anything? I am still stuck with the problem. -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Thursday 21 May 2009 12:50:05 Timo Sirainen wrote: > > I also did a chmod o+r on /home, /home/vmail, /home/vmail/ > > example.com and > > /home/vmail/example.com/john > > chdir() wants +x, not +r. that doesn't work either -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Thursday 21 May 2009 12:40:00 you wrote: > exec "strace -f -o /tmp/access.log -etrace=file -p " > then try to access pop3 when fail occurs send us /tmp/access.log > (gzipped) attached -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/ access.log.gz Description: GNU Zip compressed data
Re: [Dovecot] pop3 gives a permission denied error on chdir
On May 21, 2009, at 2:58 AM, Kenneth Gonsalves wrote: greenchilly:/home/lawgon# su vmail -c "echo OK" OK greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/ john && echo Dir:$(pwd)' Dir:/home/vmail/example.com/john I also did a chmod o+r on /home, /home/vmail, /home/vmail/ example.com and /home/vmail/example.com/john chdir() wants +x, not +r.
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Thursday 21 May 2009 12:15:12 Kenneth Gonsalves wrote: > On Wednesday 20 May 2009 18:49:25 Steffen Kaiser wrote: > > Well, there are lots of "permission denied" problems lately. > > > > Are you really absolutely sure that user with uid 5000 may chdir into > > /home/vmail/example.com/john ?? > > > > I mean, make sure "su" may set uid to the user of UID 5000 (esp. the > > shell is a real shell, so (as root) # su user -c "echo OK" > > displays "OK", then do as root # > > > > su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)' > > greenchilly:/home/lawgon# su vmail -c "echo OK" > OK > greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/john && > echo Dir:$(pwd)' > Dir:/home/vmail/example.com/john I also did a chmod o+r on /home, /home/vmail, /home/vmail/example.com and /home/vmail/example.com/john still the same error. -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Wednesday 20 May 2009 18:49:25 Steffen Kaiser wrote: > Well, there are lots of "permission denied" problems lately. > > Are you really absolutely sure that user with uid 5000 may chdir into > /home/vmail/example.com/john ?? > > I mean, make sure "su" may set uid to the user of UID 5000 (esp. the shell > is a real shell, so (as root) # su user -c "echo OK" > displays "OK", then do as root # > > su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)' greenchilly:/home/lawgon# su vmail -c "echo OK" OK greenchilly:/home/lawgon# su vmail -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)' Dir:/home/vmail/example.com/john > > (and revert what you've did for testing on success) > > Do run some protection stuff, e.g. SELinux or AppArmor or the like? > Dovecot setuid()'s to uid 5000, then chdir()s there. Such stuff may > prohibit this. no - and note that I use dovecot for LDA and dovecot as vmail has no problem delivering mail (which means it can read and write in that directory) > > Or, do you have ACLs enabled in the filesystem? Or do you use a remote > filesystem, which permissions probably lie to the client. no - of course this is a VPS on a Gandi xen setup, but I do not see how anything is affected by this > > Are all files in /home/vmail/example.com/john owned by uid 5000 and r/w? yes > No dead sym links, etc.pp? no. -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Wed, 2009-05-20 at 16:58 +0530, Kenneth Gonsalves wrote: > > Anyway that > > chdir() syscall really failed with that error message. The reason for > > that is less clear then.. v1.1+ would give a much nicer error message > > here telling exactly what is wrong.. > > I have installed version 1.1.13, here is the mail log: Sorry, it was actually only v1.2+ that gave the better error message. Anyway, do as Steffen said, make sure the UID 5000 really can chdir there. signature.asc Description: This is a digitally signed message part
Re: [Dovecot] pop3 gives a permission denied error on chdir
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 20 May 2009, Kenneth Gonsalves wrote: Well, there are lots of "permission denied" problems lately. Are you really absolutely sure that user with uid 5000 may chdir into /home/vmail/example.com/john ?? I mean, make sure "su" may set uid to the user of UID 5000 (esp. the shell is a real shell, so (as root) # su user -c "echo OK" displays "OK", then do as root # su user -c 'cd /home/vmail/example.com/john && echo Dir:$(pwd)' (and revert what you've did for testing on success) Do run some protection stuff, e.g. SELinux or AppArmor or the like? Dovecot setuid()'s to uid 5000, then chdir()s there. Such stuff may prohibit this. Or, do you have ACLs enabled in the filesystem? Or do you use a remote filesystem, which permissions probably lie to the client. Are all files in /home/vmail/example.com/john owned by uid 5000 and r/w? No dead sym links, etc.pp? Bye, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBShQDYHWSIuGy1ktrAQLywwgAkuZ8+Z6zHxpghYckbBtKGl9KWmFoB5g8 vTTNjb9Vtclrva3cPQmugW5h8hsgwl4amz3Pm0w37/XjBbzGVEBX/BSUidc0Q10y pEa3praPPnasnPmp5lxRvY/dZLUSLVuOgNR4HGGt8lz5O0T3EbUUi9ryOR5wY2kJ GvZXL+JSXlf7uJlvqFZfdBjhFjMCEWa4QeUCE9K+W/mLX4wzRuUzel3svOjLDU90 4TE06v+pka+hi5uNAq3O2JcOkgunuQZytPZpxJu5kIpwfJwwnKwcVTs+uungRKQH 2c/O2Py3eSeRv1AlR3cdrbvGp4jzqDMVs/ZL4WfUME3f98I51cSqSA== =LpH0 -END PGP SIGNATURE-
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Wednesday 20 May 2009 16:58:22 Kenneth Gonsalves wrote: > no > > > Anyway that > > chdir() syscall really failed with that error message. The reason for > > that is less clear then.. v1.1+ would give a much nicer error message > > here telling exactly what is wrong.. > > I have installed version 1.1.13, here is the mail log: that log is a little confused as it is looking for PAM authentication also. After commenting out the PAM lines in the conf, I get this: May 20 14:02:40 greenchilly dovecot: auth(default): new auth connection: pid=1634 May 20 14:02:54 greenchilly dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=pop3^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Ilport=110^Irport=43572^Iresp= May 20 14:02:54 greenchilly dovecot: auth(default): sql(j...@example.com,127.0.0.1): query: SELECT email as user, passwd as password FROM view_users WHERE email='j...@example.com'; May 20 14:02:55 greenchilly dovecot: auth(default): client out: ok^i1^iuser=j...@example.com May 20 14:02:55 greenchilly dovecot: auth(default): master in: REQUEST^I3^I1453^I1 May 20 14:02:55 greenchilly dovecot: auth(default): master out: user^i3^ij...@example.com^iuid=5000^igid=5000^ihome=/home/vmail/example.com/john May 20 14:02:55 greenchilly dovecot: Fatal: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied May 20 14:02:55 greenchilly dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured May 20 14:02:55 greenchilly dovecot: child 1635 (pop3) returned error 89 (Fatal failure) -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Wednesday 20 May 2009 01:20:37 you wrote: > On Tue, 2009-05-19 at 13:35 +0530, Kenneth Gonsalves wrote: > > May 19 09:16:10 greenchilly dovecot: chdir(/home/vmail/example.com/john) > > failed with uid 5000: Permission denied > > .. > > > I have looked at the archives and see that the problem has been reported > > before, but cannot find any solution. Dovecot as LDA has no problem > > accessing and writing mails to the directory as UID 5000. I suspect that > > it is trying to access some other directory and the error message is > > misleading. The directory /home/vmail/example.com/john is owned by user > > vmail with UID 5000. Any clues? > > And all the directories before that are also available for that user? yes > Are you using NFS? Are you using SELinux or something? no > Anyway that > chdir() syscall really failed with that error message. The reason for > that is less clear then.. v1.1+ would give a much nicer error message > here telling exactly what is wrong.. I have installed version 1.1.13, here is the mail log: May 20 10:33:54 greenchilly dovecot: auth(default): new auth connection: pid=1181 May 20 10:34:07 greenchilly dovecot: auth(default): client in: AUTH^I1^IPLAIN^Iservice=pop3^Isecured^Ilip=127.0.0.1^Irip=127.0.0.1^Ilport=110^Irport=42418^Iresp= May 20 10:34:07 greenchilly dovecot: auth-worker(default): pam(j...@example.com,127.0.0.1): lookup service=dovecot May 20 10:34:07 greenchilly dovecot: auth-worker(default): pam(j...@example.com,127.0.0.1): #1/1 style=1 msg=Password: May 20 10:34:10 greenchilly dovecot: auth-worker(default): pam(j...@example.com,127.0.0.1): unknown user May 20 10:34:10 greenchilly dovecot: auth(default): sql(j...@example.com,127.0.0.1): query: SELECT email as user, passwd as password FROM view_users WHERE email='j...@example.com'; May 20 10:34:10 greenchilly dovecot: auth(default): client out: ok^i1^iuser=j...@example.com May 20 10:34:10 greenchilly dovecot: auth(default): master in: REQUEST^I3^I1166^I1 May 20 10:34:10 greenchilly dovecot: auth(default): passwd(j...@example.com,127.0.0.1): lookup May 20 10:34:10 greenchilly dovecot: auth(default): passwd(j...@example.com,127.0.0.1): unknown user May 20 10:34:10 greenchilly dovecot: auth(default): master out: user^i3^ij...@example.com^iuid=5000^igid=5000^ihome=/home/vmail/example.com/john May 20 10:34:10 greenchilly dovecot: Fatal: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied May 20 10:34:10 greenchilly dovecot: child 1182 (pop3) returned error 89 (Fatal failure) May 20 10:34:10 greenchilly dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured and here is the session info: law...@greenchilly:~$ telnet localhost pop3 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. +OK Dovecot ready. user j...@example.com +OK pass summersun +OK Logged in. Connection closed by foreign host. -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
Re: [Dovecot] pop3 gives a permission denied error on chdir
On Tue, 2009-05-19 at 13:35 +0530, Kenneth Gonsalves wrote: > May 19 09:16:10 greenchilly dovecot: chdir(/home/vmail/example.com/john) > failed with uid 5000: Permission denied .. > I have looked at the archives and see that the problem has been reported > before, but cannot find any solution. Dovecot as LDA has no problem accessing > and writing mails to the directory as UID 5000. I suspect that it is trying > to > access some other directory and the error message is misleading. The > directory > /home/vmail/example.com/john is owned by user vmail with UID 5000. Any clues? And all the directories before that are also available for that user? Are you using NFS? Are you using SELinux or something? Anyway that chdir() syscall really failed with that error message. The reason for that is less clear then.. v1.1+ would give a much nicer error message here telling exactly what is wrong.. signature.asc Description: This is a digitally signed message part
[Dovecot] pop3 gives a permission denied error on chdir
hi, I am running debian lenny standard install and dovecot also as a standard install. I have a problem with POP3 access. The error message is: May 19 09:16:10 greenchilly dovecot: chdir(/home/vmail/example.com/john) failed with uid 5000: Permission denied May 19 09:16:10 greenchilly dovecot: child 26253 (pop3) returned error 89 May 19 09:16:10 greenchilly dovecot: pop3-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured I have looked at the archives and see that the problem has been reported before, but cannot find any solution. Dovecot as LDA has no problem accessing and writing mails to the directory as UID 5000. I suspect that it is trying to access some other directory and the error message is misleading. The directory /home/vmail/example.com/john is owned by user vmail with UID 5000. Any clues? my config: greenchilly:/etc/dovecot# dovecot -n # 1.0.15: /etc/dovecot/dovecot.conf log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login mail_privileged_group: mail mail_location: maildir:/home/vmail/%d/%n/Maildir mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/pop3 mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xu%08Xv auth default: mechanisms: plain login passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd userdb: driver: static args: uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail -- regards Kenneth Gonsalves Associate NRC-FOSS http://nrcfosshelpline.in/web/
