dovecot - Feb 2009 - problems with dotlock

I have to make dotlock work because this openwebmail thing
only supports one of dotlock or flock, but procmail delivery
does dotlock and fcntl.  procmail correctly creates a
dotlock file in /var/spool/mail/username.lock when
delivering, I can watch this with `while :; do ls -la | grep
lock; done`.

It works fine when lock_method=fcntl, but no dotlock file
shows up in /var/spool/mail.  mbox_write_locks are working
correctly with mbox_write_locks = dotlock fcntl, the dotlock
file shows up in the user's mail directory.

However, dotlocking /var/spool/mail doesn't work:

$ ls -la /var/spool/mail
total 44
drwxrwxr-x  2 root               mail 4096 Feb 25 17:39 .

$ grep mail_privileged_group /etc/mail/dovecot.conf
mail_privileged_group = mail

Feb 25 17:45:45 anubis dovecot: POP3(despam_test_anubis): Effective uid=511,
gid=100
Feb 25 17:45:45 anubis dovecot: POP3(despam_test_anubis): mbox:
data=/home/anubis/despam_test_anubis/mail:INBOX=/var/spool/mail/despam_test_anubis
Feb 25 17:45:45 anubis dovecot: POP3(despam_test_anubis): mbox:
root=/home/anubis/despam_test_anubis/mail,
index=/home/anubis/despam_test_anubis/mail,
inbox=/var/spool/mail/despam_test_anubis
Feb 25 17:45:45 anubis dovecot: POP3(despam_test_anubis): file_lock_dotlock()
failed with mbox file /var/spool/mail/despam_test_anubis: Permission denied
Feb 25 17:45:45 anubis dovecot: POP3(despam_test_anubis): Couldn't open
INBOX: Internal error occurred. Refer to server log for more information.
[2009-02-25 17:45:45]
Feb 25 17:45:45 anubis dovecot: POP3(despam_test_anubis): Couldn't open
INBOX top=0/0, retr=0/0, del=0/0, size=0
Feb 25 17:45:45 anubis dovecot: pop3-login: Login:
user=<despam_test_anubis>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1,
secured

gid=100 = group 'users'.

I tried making all of the binaries root:mail with g+s, same
as /usr/bin/lockfile, but this was no help.

It also does not help to chmod +t /var/spool/mail.

$ dovecot --version
1.0.7

kernel 2.6.18-92.1.22.el5 centos

mmap_disable = yes (req'd for ~/mail dotlocks, makes no
difference either way for /var/spool/mail)

Any ideas?

Thanks,
Mark

On Feb 25, 2009, at 8:55 PM, Mark Hedges wrote:
> I tried making all of the binaries root:mail with g+s, same
> as /usr/bin/lockfile, but this was no help.
It doesn't, because Dovecot starts them as root and then changes the  
privileges.
> It also does not help to chmod +t /var/spool/mail.
Maybe not alone, but this should work:

chmod 0777 /var/spool/mail
chmod +t /var/spool/mail

Or you could set mail_access_groups (or perhaps it's still called  
mail_extra_groups in your version) to "mail", assuming /var/spool/mail
was owned by group mail and was group-writable.

on 2-25-2009 5:55 PM Mark Hedges spake the following:
> I have to make dotlock work because this openwebmail thing
> only supports one of dotlock or flock, but procmail delivery
> does dotlock and fcntl.  procmail correctly creates a
> dotlock file in /var/spool/mail/username.lock when
> delivering, I can watch this with `while :; do ls -la | grep
> lock; done`.
I am moving away from openwebmail because of its wanting to access the
mailstore directly. It has caused many problems through the years, and I want
to move to Maildir anyway.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 258 bytes
Desc: OpenPGP digital signature
URL:
<http://dovecot.org/pipermail/dovecot/attachments/20090226/69d7e3d6/attachment-0002.bin>