Thomas Leuxner
2010-Mar-02  18:42 UTC
[Dovecot] Dovecot 2.0b3: mdbox with incorrect ACL file permissions crashes
Hi, played around with 'mdbox' format some more. Converted my personal mailbox with latest Dovecot and dsync from HG: dsync convert -u login at yourdomain.com mdbox:~/mdbox One thing I noticed is, that dsync does not take care of existing 'dovecot-acl' files, which it should migrate/copy from my point of view, but simply skips them. Anyway I copied over the ACLs manually and forgot to set the rights accordingly. So the files were owned by 'root:vmail' instead of 'vmail:vmail' in my setup. Voil? Dovecot crashed, where it should really throw a warning or ignore the owner and work with the group permissions: Mar 2 19:27:52 spectre dovecot: imap(tlx at leuxner.net): acl vfile: file /var/vmail/conf.d/leuxner.net/acls/Support/Serverloft not found Mar 2 19:27:52 spectre dovecot: imap(tlx at leuxner.net): acl vfile: no access to file /var/vmail/leuxner.net/tlx/mdbox/mailboxes/Support/Serverloft/dbox-Mails/dovecot-acl Mar 2 19:27:52 spectre dovecot: imap(tlx at leuxner.net): Panic: file acl-cache.c: line 295 (acl_cache_update_rights): assertion failed: (obj_cache->my_current_rights != &negative_cache_entry) Mar 2 19:27:52 spectre dovecot: imap(tlx at leuxner.net): Raw backtrace: /usr/lib/dovecot/libdovecot.so.0 [0x7f4d8595ffb2] -> /usr/lib/dovecot/libdovecot.so.0 [0x7f4d8596001a] -> /usr/lib/dovecot/libdovecot.so.0 (i_error+0) [0x7f4d859603c3] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da690b] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da4249] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0 x7f4d84da4572] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da472e] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da2aba] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so(acl_object_get_m y_rights+0x65) [0x7f4d84da2b85] -> /usr/lib/dovecot/modules/lib01_acl_plugin.so [0x7f4d84da8fd9] -> dovecot/imap [tlx at leuxner.net 84.58.106.99 STATUS](client_find_namespace+0x17f) [0x41149f] -> dovecot/imap [t lx at leuxner.net 84.58.106.99 STATUS](cmd_status+0xfc) [0x40dc2c] -> dovecot/imap [tlx at leuxner.net 84.58.106.99 STATUS] [0x40f9bc] -> dovecot/imap [tlx at leuxner.net 84.58.106.99 STATUS] [0x40fa6d] -> dovecot/imap [tlx at leuxner.net 84.58.106.99 STATUS](client_handle_input+0x45) [0x40fbe5] -> dovecot/imap [tlx at leuxner.net 84.58.106.99 STATUS](client_input+0x62) [0x410622] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handl er_run+0xcb) [0x7f4d8596abab] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x18) [0x7f4d85969d28] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f4d85959eb3] -> dovecot/imap [tlx at leuxner.n et 84.58.106.99 STATUS](main+0x191) [0x418661] -> /lib/libc.so.6(__libc_start_main+0xe6) [0x7f4d851e71a6] -> dovecot/imap [tlx at leuxner.net 84.58.106.99 STATUS] [0x4084e9] Mar 2 19:27:52 spectre dovecot: master: service(imap): child 30281 killed with signal 6 (core dumps disabled) Regards Thomas
Timo Sirainen
2010-Mar-16  19:42 UTC
[Dovecot] Dovecot 2.0b3: mdbox with incorrect ACL file permissions crashes
On Tue, 2010-03-02 at 19:42 +0100, Thomas Leuxner wrote:> One thing I noticed is, that dsync does not take care of existing > 'dovecot-acl' files, which it should migrate/copy from my point of > view, but simply skips them.Yeah, for now anyway.. The problem is that dsync does a two-way sync, but there's really no good way to do two-way ACL sync. Another problem is that ACL is a plugin feature, so this should be done by dsync acl plugin, but dsync doesn't currently support plugins. Both of these could be fixed some day to support at least the simple conversion case.> Anyway I copied over the ACLs manually and forgot to set the rights > accordingly. So the files were owned by 'root:vmail' instead of > 'vmail:vmail' in my setup. Voil? Dovecot crashed, where it should > really throw a warning or ignore the owner and work with the group > permissions:If dovecot-acl isn't readable, it was supposed to remove all permissions from everyone, but I had never tested that code. Fixed now. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20100316/5c87c6a2/attachment-0002.bin>