Hello, I have a question about the way Dovecot limits file system access. Currently we're using Dovecot 1.0.5 (Solaris 10). In some cases users have a symbolic link like "z: -> /" in their mail directory. As a result there are log entries like Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File name too long We know the reason (the links are create by Wine) but unfortunately we cannot get rid of them. Is there something I can do (these links should be ignored) ? Or is it a bug ? Greetings. Martin --------------------------------------------------------------- Martin Preen, Universit?t Freiburg, Institut f?r Informatik Georges-Koehler-Allee 52, Raum 00-006, 79110 Freiburg, Germany phone: ++49 761 203-8250 preen at informatik.uni-freiburg.de fax: ++49 761 203-8242 www.informatik.uni-freiburg.de
On Fri, 2008-01-25 at 14:48 +0100, Martin Preen wrote:> Hello, > I have a question about the way Dovecot limits file system access. > Currently we're using Dovecot 1.0.5 (Solaris 10). > > In some cases users have a symbolic link like "z: -> /" in their > mail directory. As a result there are log entries like > > Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): > stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje > Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File > name too longSo you're exposing the entire home directory to Dovecot? Everything would go a lot more nicely (and faster) if Dovecot would have access only to actual mailboxes. Can't you just force everyone to use e.g. ~/mail/ directory (mail_location = mbox:~/mail)?> Is there something I can do (these links should be ignored) ? > Or is it a bug ?I don't think Dovecot should ignore those kind of errors, because if it happens on a normal mail directory, it's most likely a problem sysadmin should know about and fix. But in this kind of a mixed system.. well, modifying sources would be the only solution. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20080125/cb6da36b/attachment-0002.bin>
Timo Sirainen wrote:> On Fri, 2008-01-25 at 14:48 +0100, Martin Preen wrote: > >>Hello, >>I have a question about the way Dovecot limits file system access. >>Currently we're using Dovecot 1.0.5 (Solaris 10). >> >>In some cases users have a symbolic link like "z: -> /" in their >>mail directory. As a result there are log entries like >> >>Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): >>stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje >>Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: File >>name too long > > > So you're exposing the entire home directory to Dovecot? Everything > would go a lot more nicely (and faster) if Dovecot would have access > only to actual mailboxes. Can't you just force everyone to use e.g. > ~/mail/ directory (mail_location = mbox:~/mail)?It is on my long term ToDo list (I would prefer that). But actually it is very difficult to realize that in our environment. Currently we're saying that one should configure an IMAP server directory (but most users don't want to read the documentation).>>Is there something I can do (these links should be ignored) ? >>Or is it a bug ? > > > I don't think Dovecot should ignore those kind of errors, because if it > happens on a normal mail directory, it's most likely a problem sysadmin > should know about and fix. But in this kind of a mixed system.. well, > modifying sources would be the only solution.Ok. Martin --------------------------------------------------------------- Martin Preen, Universit?t Freiburg, Institut f?r Informatik Georges-Koehler-Allee 52, Raum 00-006, 79110 Freiburg, Germany phone: ++49 761 203-8250 preen at informatik.uni-freiburg.de fax: ++49 761 203-8242 www.informatik.uni-freiburg.de
> In some cases users have a symbolic link like "z: -> /" in their > mail directory. As a result there are log entries like > > stat(/home/xyz/.wine/dosdevices/c:/windows/profiles/xyz/.../z:/proc/28381/root/proc/28381/.../root/proc/28381/Player/#SharedObje > Jan 25 13:30:31 imap1 dovecot: [ID 107833 mail.error] IMAP(xyz): x) failed: > File name too longLike you, our users store mail in their home directories* and sometimes they make symlinks to strange places like -> /usr. I patched dovecot to simply ignore symlinks; maybe you can, too. diff -c -r dovecot-1.0.0-pristine/src/lib-storage/index/mbox/mbox-list.c dovecot-1.0.0/src/lib-storage/index/mbox/mbox-list.c *** dovecot-1.0.0-pristine/src/lib-storage/index/mbox/mbox-list.c Mon Feb 5 05:57:32 2007 --- dovecot-1.0.0/src/lib-storage/index/mbox/mbox-list.c Thu Apr 26 09:56:22 2007 *************** *** 69,74 **** --- 69,85 ---- static int list_opendir(struct mail_storage *storage, const char *path, bool root, DIR **dirp) { + /* ACS local modification */ + struct stat st; + if (lstat(*path == '\0' ? "/" : path, &st) < 0) { + mail_storage_set_error(storage, "lstat failed!"); + return -1; + } + if (st.st_mode & S_IFLNK) { + return 0; /*ignore*/ + } + /* end ACS local modification */ + *dirp = opendir(*path == '\0' ? "/" : path); if (*dirp != NULL) return 1; -- Adam * although we're finally starting to convert our 30k users over to dedicated maildirs+NFS. I'll share my experiences with the list once we're done (early March I hope). -- Adam Tilghman | Systems Support / Academic Computing | +1 858 822 0711 agt at ucsd.edu | University of California, San Diego | fax +1 858 534 7018