Re: [Dovecot] symbolic links to root node
> In some cases users have a symbolic link like "z: -> /" in their > mail directory. As a result there are log entries like > > stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje > Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: > File name too long Like you, our users store mail in their home directories* and sometimes they make symlinks to strange places like -> /usr. I patched dovecot to simply ignore symlinks; maybe you can, too. diff -c -r dovecot-1.0.0-pristine/src/lib-storage/index/mbox/mbox-list.c dovecot-1.0.0/src/lib-storage/index/mbox/mbox-list.c *** dovecot-1.0.0-pristine/src/lib-storage/index/mbox/mbox-list.c Mon Feb 5 05:57:32 2007 --- dovecot-1.0.0/src/lib-storage/index/mbox/mbox-list.cThu Apr 26 09:56:22 2007 *** *** 69,74 --- 69,85 static int list_opendir(struct mail_storage *storage, const char *path, bool root, DIR **dirp) { + /* ACS local modification */ + struct stat st; + if (lstat(*path == '\0' ? "/" : path, &st) < 0) { + mail_storage_set_error(storage, "lstat failed!"); + return -1; + } + if (st.st_mode & S_IFLNK) { + return 0; /*ignore*/ + } + /* end ACS local modification */ + *dirp = opendir(*path == '\0' ? "/" : path); if (*dirp != NULL) return 1; -- Adam * although we're finally starting to convert our 30k users over to dedicated maildirs+NFS. I'll share my experiences with the list once we're done (early March I hope). -- Adam Tilghman | Systems Support / Academic Computing | +1 858 822 0711 [EMAIL PROTECTED] | University of California, San Diego | fax +1 858 534 7018
Re: [Dovecot] symbolic links to root node
Timo Sirainen wrote: On Fri, 2008-01-25 at 14:48 +0100, Martin Preen wrote: Hello, I have a question about the way Dovecot limits file system access. Currently we're using Dovecot 1.0.5 (Solaris 10). In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long So you're exposing the entire home directory to Dovecot? Everything would go a lot more nicely (and faster) if Dovecot would have access only to actual mailboxes. Can't you just force everyone to use e.g. ~/mail/ directory (mail_location = mbox:~/mail)? It is on my long term ToDo list (I would prefer that). But actually it is very difficult to realize that in our environment. Currently we're saying that one should configure an IMAP server directory (but most users don't want to read the documentation). Is there something I can do (these links should be ignored) ? Or is it a bug ? I don't think Dovecot should ignore those kind of errors, because if it happens on a normal mail directory, it's most likely a problem sysadmin should know about and fix. But in this kind of a mixed system.. well, modifying sources would be the only solution. Ok. Martin --- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum 00-006, 79110 Freiburg, Germany phone: ++49 761 203-8250 [EMAIL PROTECTED] fax: ++49 761 203-8242www.informatik.uni-freiburg.de
Re: [Dovecot] symbolic links to root node
On Fri, 2008-01-25 at 14:48 +0100, Martin Preen wrote: > Hello, > I have a question about the way Dovecot limits file system access. > Currently we're using Dovecot 1.0.5 (Solaris 10). > > In some cases users have a symbolic link like "z: -> /" in their > mail directory. As a result there are log entries like > > Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): > stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje > Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: > File > name too long So you're exposing the entire home directory to Dovecot? Everything would go a lot more nicely (and faster) if Dovecot would have access only to actual mailboxes. Can't you just force everyone to use e.g. ~/mail/ directory (mail_location = mbox:~/mail)? > Is there something I can do (these links should be ignored) ? > Or is it a bug ? I don't think Dovecot should ignore those kind of errors, because if it happens on a normal mail directory, it's most likely a problem sysadmin should know about and fix. But in this kind of a mixed system.. well, modifying sources would be the only solution. signature.asc Description: This is a digitally signed message part
[Dovecot] symbolic links to root node
Hello, I have a question about the way Dovecot limits file system access. Currently we're using Dovecot 1.0.5 (Solaris 10). In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long We know the reason (the links are create by Wine) but unfortunately we cannot get rid of them. Is there something I can do (these links should be ignored) ? Or is it a bug ? Greetings. Martin --- Martin Preen, Universität Freiburg, Institut für Informatik Georges-Koehler-Allee 52, Raum 00-006, 79110 Freiburg, Germany phone: ++49 761 203-8250 [EMAIL PROTECTED] fax: ++49 761 203-8242www.informatik.uni-freiburg.de