Kent Iverson
2006-Oct-13 07:51 UTC
[Dovecot] child 29480 (auth) returned error 89, FC5, Postfix, MySql, mbox....arghhhh
Hi all,

I have been putting a small (simple?) dedicated email server together to (ultimately) host a couple of domains. I am currently getting the configuration to work with one domain w/local mbox users and then plan to extend it to virtual users and an additional domain. Dovecot has been a problem to integrate in the configuration.

The basic pieces are FC5, Postfix, Dovecot, with Cyrus-sasl and MySql user/password databases. I have installed, configured, and verified Postfix, Cyrus-sasl, and MySql both separately and working together. All applications are standard Yum sourced FC5 binaries. Dovecot, however, stubbornly refuses to join the party. I have searched for clues on-line and have not found anything that has helped, thus this message.

The problem seems to be tied tightly to using mySQL as an access mechanism for passdb/userdb information since if I remove that access mechanism Dovecot runs fine. The reason I am looking to use mySQL is that it seemed an easy way to have a common database for user name and domain identification with a single common FQDN login authentication format for current local users and future virtual users. As I understand it, the default PAM passwd doesn't support FQDN user names.

The symptom:
==========
Dovecot starts and immediately exits.
Maillog shows the following immediately after executing /sbin/service dovecot start:

Oct 12 21:36:24 Playtime dovecot: Dovecot v1.0.beta8 starting up
Oct 12 21:36:25 Playtime dovecot: child 29479 (auth) returned error 89
Oct 12 21:36:25 Playtime dovecot: child 29480 (auth) returned error 89
Oct 12 21:36:25 Playtime dovecot: Auth process died too early - shutting down
Oct 12 21:36:25 Playtime dovecot: auth(default): net_connect_unix(/var/run/dovecot/auth-worker.29480) failed: Permission denied
Oct 12 21:36:25 Playtime dovecot: auth(default): net_connect_unix(/var/run/dovecot/auth-worker.29479) failed: Permission denied

It appears that the dovecot-auth process is immediately exiting with a non-specific error (89) and no collateral info. There are two sets of error 89's because the process count is set to 2 in dovecot.conf (see below).

Looking at the messages log, you find a line reflecting the empty sockets as below:

Oct 12 21:36:25 Playtime kernel: audit(1160714185.460:373): avc: denied { write } for pid=29479 comm="dovecot-auth" name="auth-worker.29479" dev=dm-0 ino=692358 scontext=user_u:system_r:dovecot_auth_t:s0 tcontext=user_u:object_r:dovecot_var_run_t:s0 tclass=sock_file

There is nothing in the auth log other than happy noises from Postfix about its mySQL accesses. I am unaware of any other logs that might shed some light.

Troubleshooting:
============
-- I have been using standard FC5 compiled binaries sourced through YUM for all applications. To the best of my knowledge, the package that Yum pulled for Dovecot is built --with-mysql and thus should support mysql access. I found this tidbit of info in the /usr/src/redhat/SPECS/dovecot.spec document.
-- I have rolled back the dovecot.conf to remove the mysql passwd/userdb configuration leaving the default PAM configuration and found that Dovecot behaves correctly and joins the party.
However, since Postfix is using mySQL data, the client FQDN login user names it uses don't match up with the simple UNIX user names that Dovecot's default PAM password mechanism is supporting (thus my attempt to get them both to use the mySql database.) So from this I know that the problem appears to be basic to startup of dovecot-auth and the mysql configuration.
-- I have verified the location of the dovecot-sql.conf file as configured in dovecot.conf
-- I have verified that the 'connect' parameters in the dovecot-sql.conf work from a command line and the password_query syntax from inside mysql.

Configuration details:

dovecot.conf:
======================================================================
# things uncommented from defaults:
base_dir = /var/run/dovecot
protocols = imap imaps pop3 pop3s
listen = *
shutdown_clients = yes
#for debug...seems to have made no difference.
mail_debug = yes
mbox_very_dirty_syncs = yes
# authentication section
# this next was left at default and I checked the ownership and it is correct.
#auth_executable = /usr/libexec/dovecot/dovecot-auth
#more debug
auth_verbose = yes
auth_debug = yes
auth_debug_passwords = no
# auth-worker process limit
auth_worker_max_count = 30
#and into auth default:
auth default {
  mechanisms = plain
  # default PAM
  passdb pam {
  }
  # SQL
  passdb sql {
    args = /etc/dovecot-sql.conf
  }
  # userdb
  userdb static {
    args = uid=690 gid=768 home=/var/mail/%n
  }
  #note there is no SQL userdb access defined. We will always use userdb static for now
  user = root
  count = 2
}
============================

dovecot-sql.conf
=============================================================================
# Our mysql table actually is: (defined to support postfix password db)
# CREATE TABLE users (
#   id int(11) unsigned NOT NULL auto_increment, #table index
#   username varchar(255) NOT NULL default '0', #user part in user@userrealm
#   userrealm varchar(255) NOT NULL default 'firstdomain.com', #domain part in user@userrealm
#   userpassword varchar(255) NOT NULL default '94go283xc', #email password
#   auth tinyint(1) default '1', #Relay authority 1 = yes
#   active char(1) NOT NULL default 'y' #active Dovecot user?
#};
driver = mysql
connect = host=127.0.0.1 dbname=user_db user=dovecot password=xxxyy0x0
default_pass_scheme = PLAIN
password_query = SELECT password FROM users WHERE username='%n' AND userrealm='%d' AND active='y'
# there is no userdb sql access mechanism defined so this is left null
user_query
========================================================================================

That's about it. I'm stumped....any thoughts or debug suggestions would be appreciated.

Thanks
-Kent I.
Timo Sirainen
2006-Oct-13 13:07 UTC
[Dovecot] child 29480 (auth) returned error 89, FC5, Postfix, MySql, mbox....arghhhh
On Fri, 2006-10-13 at 00:51 -0700, Kent Iverson wrote:
> net_connect_unix(/var/run/dovecot/auth-worker.29480) failed: Permission denied

This is the problem.

> Oct 12 21:36:25 Playtime kernel: audit(1160714185.460:373):
> avc: denied { write } for pid=29479 comm="dovecot-auth"
> name="auth-worker.29479" dev=dm-0 ino=692358
> scontext=user_u:system_r:dovecot_auth_t:s0
> tcontext=user_u:object_r:dovecot_var_run_t:s0 tclass=sock_file

And based on this I'd guess it's your SELinux rules that deny the access? So fix them (I don't know how), or disable SELinux.
Marcus Rueckert
2006-Oct-13 21:11 UTC
[Dovecot] child 29480 (auth) returned error 89, FC5, Postfix, MySql, mbox....arghhhh
On 2006-10-13 00:51:21 -0700, Kent Iverson wrote:
> Oct 12 21:36:25 Playtime dovecot: auth(default):
> net_connect_unix(/var/run/dovecot/auth-worker.29480) failed: Permission
> denied
> Oct 12 21:36:25 Playtime dovecot: auth(default):
> net_connect_unix(/var/run/dovecot/auth-worker.29479) failed: Permission
> denied

disable selinux and try again

--
openSUSE - SUSE Linux is my linux
openSUSE is good for you
www.opensuse.org