Adam McDougall
2007-Oct-27 17:02 UTC
[Dovecot] Segfault when opening a public folder, dovecot 1.1 beta4
I was trying to debug this with gdb, but I'm not sure how to make env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap understand the #shared/decs namespace from below so I can SELECT it. I have a number of maildirs under #ahared/decs, I tried opening at least 2 of them but dovecot gives sig 11 without a direct error about the problem. I don't think this was exactly the same problem in 1.1b3, but unfortunately I deleted all the patches I was testing with so it would be a pain to test the same situation with 1.1b3 again (although if needed, I can). If dovecot-shared exists in the folder I try to open, dovecot says: Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with file /home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log: Operation not permitted Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11 I am used to getting the first message because dovecot tries to apply perms from dovecot-shared to the index files which are elsewhere. If I open a public folder without dovecot-shared, I see no contents but it does not sig11. I am NOT using the acl plugin right now, it didn't seem to make a difference if it was loaded. When I left off with the dovecot 1.1b3 + 8 patches, I believe I was getting an assertion. Please let me know if I goofed up something, I have a strange feeling about that here, or if you need more info. I'd like to go ahead and get a gdb trace. # 1.1.beta4: /usr/local/etc/dovecot.conf ssl_cert_file: /usr/local/etc/apache2/ssl/cert.pem ssl_key_file: /usr/local/etc/apache2/ssl/cert.pem disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable: /usr/local/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_uid: 1000 first_valid_gid: 0 mail_location: maildir:%h/Maildir:CONTROL=%h/Maildir/dovecot11testing/private/control:INDEX=%h/Maildir/dovecot11testing/private/indexes mail_debug: yes mmap_disable: yes mail_nfs_storage: yes mail_nfs_index: yes mail_log_max_lines_per_sec: 0 imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep namespace: type: public separator: / prefix: #shared/decs/ location: maildir:/egr/mail/shared/decs:CONTROL=%h/Maildir/dovecot11testing/public/control/decs:INDEX=%h/Maildir/dovecot11testing/public/indexes/decs list: yes subscriptions: yes namespace: type: private separator: / prefix: mail/ location: maildir:%h/Maildir:CONTROL=%h/Maildir/dovecot11testing/private/control:INDEX=%h/Maildir/dovecot11testing/private/indexes hidden: yes subscriptions: yes namespace: type: private separator: / inbox: yes list: yes subscriptions: yes auth default: mechanisms: plain login passdb: driver: pam userdb: driver: passwd socket: type: listen client: path: /var/spool/postfix/private/auth mode: 384 user: postfix group: postfix plugin: acl: vfile:/usr/local/etc/dovecot-acls
Timo Sirainen
2007-Oct-27 17:21 UTC
[Dovecot] Segfault when opening a public folder, dovecot 1.1 beta4
On Sat, 2007-10-27 at 13:02 -0400, Adam McDougall wrote:> I was trying to debug this with gdb, but I'm not sure how to make > env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap > understand the #shared/decs namespace from below so I can SELECT it.Easiest way to figure these kind of things is to set mail_executable=/tmp/dump.sh which contains: #!/bin/sh set > /tmp/dovecot.env And run dovecot --exec-mail imap. Then either use that information or just run ". /tmp/dovecot.env" before gdb imap.> If dovecot-shared exists in the folder I try to open, dovecot says: > Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with file > /home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log: Operation not > permitted > Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11Fixed the crash: http://hg.dovecot.org/dovecot/rev/7373240c3d1d But the real problem is that dovecot-shared file is owned by a group that your imap process doesn't belong to. You probably want to add it to mail_extra_groups. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20071027/96a3d777/attachment-0002.bin>
Adam McDougall
2007-Oct-27 18:51 UTC
[Dovecot] Segfault when opening a public folder, dovecot 1.1 beta4
On Sat, Oct 27, 2007 at 08:21:54PM +0300, Timo Sirainen wrote: On Sat, 2007-10-27 at 13:02 -0400, Adam McDougall wrote: > I was trying to debug this with gdb, but I'm not sure how to make > env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap > understand the #shared/decs namespace from below so I can SELECT it. Easiest way to figure these kind of things is to set mail_executable=/tmp/dump.sh which contains: #!/bin/sh set > /tmp/dovecot.env And run dovecot --exec-mail imap. Then either use that information or just run ". /tmp/dovecot.env" before gdb imap. Thanks, I'll use it next time > If dovecot-shared exists in the folder I try to open, dovecot says: > Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with file > /home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log: Operation not > permitted > Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11 Fixed the crash: http://hg.dovecot.org/dovecot/rev/7373240c3d1d Agreed But the real problem is that dovecot-shared file is owned by a group that your imap process doesn't belong to. You probably want to add it to mail_extra_groups. I want to avoid adding a group to any user that logs in because some of them are in many groups already and it might push them over the limit that FreeBSD allows, then they cannot login at all. With some recent permission changes I've done (affects dovecot 1.0 as well), I get a good amount of these fchown errors and I was thinking of muting them so they do not fill my log, since they are harmless in my setup. Right now in my public folder permission scheme, the only thing I need dovecot-shared for (I think) is making client-added emails world-readable at least (currently actually mode 666). As long as the indexes are accessible by the user, I don't care what mode or group they are.
Possibly Parallel Threads
- assertion failed: (mailbox_list_is_valid_existing_name(_list, name))
- imap fs quota (rpc) won't work?
- do 1.1b4 assertion failed: (mailbox_list_is_valid_existing_name
- Dovecot not handling r/o mailboxes completely, and problem with ACL as a workaround
- dovecot 1.1b4 not listing public folder children