Pascal Volk
2011-Dec-10 03:35 UTC
[Dovecot] 2.1.rc1 (8a63f621bd2e): SiS permission issue + crash
Since changeset 8a63f621bd2e I'm one step closer to the perfect working
setup. I'm sharing one GID per domain, all it's alias names and
accounts.
So I can use: mail_attachment_dir = /srv/mail/.SiS/%{gid}
In order to avoid permission trouble I've set fs ACL on the .SiS dir:
,--[ getfacl srv/mail/.SiS ]--
| # file: srv/mail/.SiS
| # owner: root
| # group: root
| user::rwx
| group::--x
| mask::--x
| other::-wx
| default:user::rwx
| default:group::rwx
| default:mask::rwx
| default:other::---
`--
OK, lets test the setup:
dsync -u test-0 at example.com mirror maildir:/tmp/Maildir
rm -rf Maildir && cp -a Maildir_org Maildir && chown -R
70010:70002 Maildir
dsync -vu test-1 at example.com mirror maildir:/tmp/Maildir
dsync(test-1 at example.com): Info: Drafts: only in dest
(guid=b6a53627f3cbe24e33030000850d2fad)
dsync(test-1 at example.com): Info: Sent: only in dest
(guid=b7a53627f3cbe24e33030000850d2fad)
dsync(test-1 at example.com): Info: Junk-E-Mail: only in dest
(guid=b8a53627f3cbe24e33030000850d2fad)
dsync(test-1 at example.com): Info: Trash: only in dest
(guid=b9a53627f3cbe24e33030000850d2fad)
dsync(test-1 at example.com): Info: INBOX: only in dest
(guid=baa53627f3cbe24e33030000850d2fad)
dsync(test-1 at example.com): Error:
stat(/srv/mail/.SiS/70002/a2/7b/.temp.blau.819.4f06409857c627e0) failed:
Permission denied
dsync(test-1 at example.com): Error:
safe_mkstemp(/srv/mail/.SiS/70002/a2/7b/.temp.blau.819.) failed: Permission
denied
dsync(test-1 at example.com): Panic: file dsync-worker-local.c: line 1644
(local_worker_save_msg_continue): assertion failed: (ret == -1)
dsync(test-1 at example.com): Error: Raw backtrace:
/usr/local/lib/dovecot/libdovecot.so.0(+0x4faf1) [0x7f4db31f4af1] ->
/usr/local/lib/dovecot/libdovecot.so.0(default_error_handler+0) [0x7f4db31f4b7d]
-> /usr/local/lib/dovecot/libdovecot.so.0(i_fatal+0) [0x7f4db31f4e01] ->
dsync() [0x416af8] -> dsync() [0x416e46] ->
dsync(dsync_worker_msg_save+0x82) [0x412cb2] -> dsync() [0x40b7e0] ->
dsync() [0x417286] -> dsync() [0x417324] ->
dsync(dsync_worker_msg_get+0xa8) [0x412dd4] -> dsync() [0x40bbf3] ->
dsync() [0x40bd62] -> dsync() [0x40c106] -> dsync() [0x40c318] ->
dsync(dsync_brain_msg_sync_new_msgs+0x1c) [0x40c336] ->
dsync(dsync_brain_msg_sync_more+0x1ae) [0x40b15e] -> dsync() [0x409b88] ->
dsync(dsync_brain_sync+0x231) [0x40a074] -> dsync() [0x4084fb] -> dsync()
[0x408729] -> dsync(dsync_brain_sync+0x1a7) [0x409fea] -> dsync()
[0x408238] -> dsync() [0x408388] -> dsync(dsync_brain_sync+0x10b)
[0x409f4e] -> dsync(dsync_brain_sync_all+0x24) [0x40a16b] ->
dsync(main+0x680) [0x407b2b
] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd) [0x7f4db2e3fead]
-> dsync() [0x406e09]
Aborted (core dumped)
Looks like Dovecot ignores the ACL. I think a mail_attachment_dir_mode
setting could help to work around this problem. Dunno what would be a
good default value. But I would set mail_attachment_dir_mode = 0770
The attachment files have mode 0660, that's perfect in my setup.
Regards,
Pascal
--
The trapper recommends today: c01dcafe.1134404 at localdomain.org
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: doveconf.txt
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20111210/2e9dd868/attachment-0008.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: dsync_bt.txt
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20111210/2e9dd868/attachment-0009.txt>
Timo Sirainen
2011-Dec-10 06:17 UTC
[Dovecot] 2.1.rc1 (8a63f621bd2e): SiS permission issue + crash
On Sat, 2011-12-10 at 04:35 +0100, Pascal Volk wrote:> dsync(test-1 at example.com): Panic: file dsync-worker-local.c: line 1644 (local_worker_save_msg_continue): assertion failed: (ret == -1)I'll see about this crash later..> Looks like Dovecot ignores the ACL. I think a mail_attachment_dir_mode > setting could help to work around this problem. Dunno what would be a > good default value. But I would set mail_attachment_dir_mode = 0770 > The attachment files have mode 0660, that's perfect in my setup.With http://hg.dovecot.org/dovecot-2.1/rev/fcceee891448 you can do: mail_attachment_fs = sis posix:mode=0660 The dirs get created with 0770 then.
Timo Sirainen
2012-Feb-09 18:39 UTC
[Dovecot] 2.1.rc1 (8a63f621bd2e): SiS permission issue + crash
On Sat, 2011-12-10 at 04:35 +0100, Pascal Volk wrote:> dsync -u test-0 at example.com mirror maildir:/tmp/Maildir > rm -rf Maildir && cp -a Maildir_org Maildir && chown -R 70010:70002 Maildir > dsync -vu test-1 at example.com mirror maildir:/tmp/Maildir > dsync(test-1 at example.com): Error: stat(/srv/mail/.SiS/70002/a2/7b/.temp.blau.819.4f06409857c627e0) failed: Permission denied > dsync(test-1 at example.com): Error: safe_mkstemp(/srv/mail/.SiS/70002/a2/7b/.temp.blau.819.) failed: Permission denied > dsync(test-1 at example.com): Panic: file dsync-worker-local.c: line 1644 (local_worker_save_msg_continue): assertion failed: (ret == -1)I couldn't reproduce this crash, but I guess this should fix it: http://hg.dovecot.org/dovecot-2.1/rev/e29bc3eb0ba6 Also fixed a related problem where if dbox failed to save a message it still added it to index: http://hg.dovecot.org/dovecot-2.1/rev/98a59ac1f3d0