dovecot - Oct 2007 - Segfault when opening a public folder, dovecot 1.1 beta4

I was trying to debug this with gdb, but I'm not sure how to make 
env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap
understand the #shared/decs namespace from below so I can SELECT it.

I have a number of maildirs under #ahared/decs, I tried opening at least
2 of them but dovecot gives sig 11 without a direct error about the problem.
I don't think this was exactly the same problem in 1.1b3, but unfortunately
I deleted all the patches I was testing with so it would be a pain to 
test the same situation with 1.1b3 again (although if needed, I can).

If dovecot-shared exists in the folder I try to open, dovecot says:
Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with file 
/home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log:
Operation not
permitted
Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11

I am used to getting the first message because dovecot tries to apply 
perms from dovecot-shared to the index files which are elsewhere.  

If I open a public folder without dovecot-shared, I see no contents
but it does not sig11.  

I am NOT using the acl plugin right now, it didn't seem to make a difference
if it was loaded.  When I left off with the dovecot 1.1b3 + 8 patches, I believe
I was getting an assertion.

Please let me know if I goofed up something, I have a strange feeling about that
here,
or if you need more info.  I'd like to go ahead and get a gdb trace.  

# 1.1.beta4: /usr/local/etc/dovecot.conf
ssl_cert_file: /usr/local/etc/apache2/ssl/cert.pem
ssl_key_file: /usr/local/etc/apache2/ssl/cert.pem
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_uid: 1000
first_valid_gid: 0
mail_location: 
maildir:%h/Maildir:CONTROL=%h/Maildir/dovecot11testing/private/control:INDEX=%h/Maildir/dovecot11testing/private/indexes
mail_debug: yes
mmap_disable: yes
mail_nfs_storage: yes
mail_nfs_index: yes
mail_log_max_lines_per_sec: 0
imap_client_workarounds: delay-newmail netscape-eoh tb-extra-mailbox-sep
namespace:
  type: public
  separator: /
  prefix: #shared/decs/
  location: 
maildir:/egr/mail/shared/decs:CONTROL=%h/Maildir/dovecot11testing/public/control/decs:INDEX=%h/Maildir/dovecot11testing/public/indexes/decs
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: mail/
  location: 
maildir:%h/Maildir:CONTROL=%h/Maildir/dovecot11testing/private/control:INDEX=%h/Maildir/dovecot11testing/private/indexes
  hidden: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  passdb:
    driver: pam
  userdb:
    driver: passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 384
      user: postfix
      group: postfix
plugin:
  acl: vfile:/usr/local/etc/dovecot-acls

On Sat, 2007-10-27 at 13:02 -0400, Adam McDougall wrote:
> I was trying to debug this with gdb, but I'm not sure how to make 
> env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap
> understand the #shared/decs namespace from below so I can SELECT it.
Easiest way to figure these kind of things is to set
mail_executable=/tmp/dump.sh which contains:

#!/bin/sh
set > /tmp/dovecot.env

And run dovecot --exec-mail imap. Then either use that information or
just run ". /tmp/dovecot.env" before gdb imap.
> If dovecot-shared exists in the folder I try to open, dovecot says:
> Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with file 
>
/home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log:
Operation not
> permitted
> Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11
Fixed the crash: http://hg.dovecot.org/dovecot/rev/7373240c3d1d

But the real problem is that dovecot-shared file is owned by a group
that your imap process doesn't belong to. You probably want to add it to
mail_extra_groups.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20071027/96a3d777/attachment-0002.bin>

On Sat, Oct 27, 2007 at 08:21:54PM +0300, Timo Sirainen wrote:

  On Sat, 2007-10-27 at 13:02 -0400, Adam McDougall wrote:
  > I was trying to debug this with gdb, but I'm not sure how to make 
  > env MAIL=maildir:~/Maildir MAIL_PLUGINS=acl ACL=vfile gdb /tmp/imap
  > understand the #shared/decs namespace from below so I can SELECT it.
  
  Easiest way to figure these kind of things is to set
  mail_executable=/tmp/dump.sh which contains:
  
  #!/bin/sh
  set > /tmp/dovecot.env
  
  And run dovecot --exec-mail imap. Then either use that information or
  just run ". /tmp/dovecot.env" before gdb imap.

Thanks, I'll use it next time
  
  > If dovecot-shared exists in the folder I try to open, dovecot says:
  > Oct 27 12:57:38 gribble dovecot: IMAP(mcdouga9): fchown() failed with
file
  >
/home/mcdouga9/Maildir/dovecot11testing/public/indexes/decs/.unixadmin/dovecot.index.log:
Operation not
  > permitted
  > Oct 27 12:57:38 gribble dovecot: child 55470 (imap) killed with signal 11
  
  Fixed the crash: http://hg.dovecot.org/dovecot/rev/7373240c3d1d

Agreed
  
  But the real problem is that dovecot-shared file is owned by a group
  that your imap process doesn't belong to. You probably want to add it to
  mail_extra_groups.
  
I want to avoid adding a group to any user that logs in because some of them
are in many groups already and it might push them over the limit that FreeBSD
allows, then they cannot login at all.  With some recent permission changes
I've
done (affects dovecot 1.0 as well), I get a good amount of these fchown errors 
and I was thinking of muting them so they do not fill my log, since they are
harmless
in my setup.  Right now in my public folder permission scheme, the only thing I
need
dovecot-shared for (I think) is making client-added emails world-readable at
least
(currently actually mode 666).  As long as the indexes are accessible by the
user,
I don't care what mode or group they are.