Geoff Sweet
2009-Dec-23 20:18 UTC
[Dovecot] Permissions errors while reading messages via IMAP
Greetings all,
I have been trying to setup a new system using Postfix and Dovecot to manage
email for a bunch of virtual domains. So far everything is great, and I am now
at the point where I am trying to build a webmail interface for the system.
I'm using RoundCube for now.
The tutorial I have been working from is here:
http://workaround.org/articles/ispmail-etch/
Which seems to be a decent enough read.
At this point I can login without issue but I can't see any mail messages.
When I login, dovecot throws errors like this:
Dec 23 12:08:49 mail1 dovecot: auth(default): client out: OK 1 user=geoff.sweet
at test.com
Dec 23 12:08:49 mail1 dovecot: auth(default): master in: REQUEST 1 4312 1
Dec 23 12:08:49 mail1 dovecot: auth(default): master out: USER 1 geoff.sweet at
test.com uid=5000 gid=5000 home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Effective
uid=5000, gid=5000, home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir:
data=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir++:
root=/home/vmail/test.com/geoff.sweet/Maildir, index=, control=,
inbox=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: imap-login: Login: user=<geoff.sweet at
test.com>, method=PLAIN, rip=192.168.20.11, lip=192.168.20.12
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Disconnected:
Logged out bytes=39/431
Dec 23 12:08:49 mail1 dovecot: auth(default): new auth connection: pid=4315
Dec 23 12:08:49 mail1 dovecot: auth-worker(default): sql(geoff.sweet at
test.com,192.168.20.11): query: SELECT email as user, password FROM
view_mailboxes WHERE email='geoff.sweet at test.com';
Dec 23 12:08:49 mail1 dovecot: auth(default): client in: AUTH 1 PLAIN
service=imap lip=192.168.20.12 rip=192.168.20.11 lport=143 rport=43878
resp=AGdlb2ZmLnN3ZWV0QHdob290aXMuY29tAGJvYjEyMzQ1
Dec 23 12:08:49 mail1 dovecot: auth(default): client out: OK 1 user=geoff.sweet
at test.com
Dec 23 12:08:49 mail1 dovecot: auth(default): master in: REQUEST 2 4311 1
Dec 23 12:08:49 mail1 dovecot: auth(default): master out: USER 2 geoff.sweet at
test.com uid=5000 gid=5000 home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: imap-login: Login: user=<geoff.sweet at
test.com>, method=PLAIN, rip=192.168.20.11, lip=192.168.20.12
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Effective
uid=5000, gid=5000, home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir:
data=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir++:
root=/home/vmail/test.com/geoff.sweet/Maildir, index=, control=,
inbox=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Namespace : Using
permissions from /home/vmail/test.com/geoff.sweet/Maildir: mode=0700 gid=-1
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com):
open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log) failed:
Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm:
/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com):
open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot-uidlist) failed:
Permission denied
Dec 23 12:08:49 mail1 last message repeated 2 times
There is some permission issue that allows dovecot to deliver email to the
/home/vmail location (I dislike this location and want to change it) via the
dovecot LDA process, but then not be able to read it when accessed via IMAP.
I'm very confused lol.
Dovecot version 1.2.9
dovecot -n:
# 1.2.9: /etc/dovecot.conf
# OS: Linux 2.6.18-164.6.1.el5 i686 CentOS release 5.4 (Final) ext3
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: Dovecot ready.
mail_location: maildir:/home/vmail/%d/%n/Maildir
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
lda:
log_path: /home/vmail/dovecot-deliver.log
auth_socket_path: /var/run/dovecot/auth-master
postmaster_address: postmaster at test.com
mail_plugins:
global_script_path: /home/vmail/globalsieverc
auth default:
mechanisms: plain login
debug: yes
debug_passwords: yes
passdb:
driver: sql
args: /etc/dovecot/dovecot-sql.conf
userdb:
driver: static
args: uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
socket:
type: listen
client:
path: /var/spool/postfix/private/auth
mode: 432
user: postfix
group: postfix
master:
path: /var/run/dovecot/auth-master
mode: 384
user: vmail
Timo Sirainen
2009-Dec-23 21:03 UTC
[Dovecot] Permissions errors while reading messages via IMAP
On Wed, 2009-12-23 at 12:18 -0800, Geoff Sweet wrote:> Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)..> There is some permission issue that allows dovecot to deliver email to the /home/vmail location (I dislike this location and want to change it) via the dovecot LDA process, but then not be able to read it when accessed via IMAP. I'm very confused lol.Apparently you want the emails to be owned by vmail:vmail, but you're running deliver as something else than vmail and the resulting files won't be owned by vmail:vmail.. So you're calling deliver wrong from Postfix. Your master.cf probably has dovecot pipe, it should have user=vmail:vmail. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 197 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20091223/d7b6125d/attachment-0002.bin>
Geoff Sweet
2009-Dec-23 21:13 UTC
[Dovecot] Permissions errors while reading messages via IMAP
Delivery doesn't seem to be the issue. The issue appears to be reading the
mail later on.
Here is my master.cf line for dovecot:
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d
${recipient}
and as you can see, the files in the delivery location have the correct
permissions for being delivered by user "vmail":
# ls -la
total 64
drwx------ 5 vmail vmail 4096 Dec 23 12:11 .
drwx------ 3 vmail vmail 4096 Dec 21 17:41 ..
drwx------ 2 vmail vmail 4096 Dec 21 17:41 cur
-rw------- 1 vmail vmail 224 Dec 22 00:01 dovecot.index
-rw------- 1 vmail vmail 572 Dec 23 11:51 dovecot.index.log
-rw------- 1 vmail vmail 472 Dec 23 11:51 dovecot-uidlist
drwx------ 2 vmail vmail 4096 Dec 23 11:51 new
drwx------ 2 vmail vmail 4096 Dec 23 11:51 tmp
The errors appear when I login via IMAP and try to read the messages.
-Geoff
________________________________________
From: Timo Sirainen [tss at iki.fi]
Sent: Wednesday, December 23, 2009 1:03 PM
To: Geoff Sweet
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] Permissions errors while reading messages via IMAP
On Wed, 2009-12-23 at 12:18 -0800, Geoff Sweet wrote:> Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com):
open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log) failed:
Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm:
/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)
..> There is some permission issue that allows dovecot to deliver email to the
/home/vmail location (I dislike this location and want to change it) via the
dovecot LDA process, but then not be able to read it when accessed via IMAP.
I'm very confused lol.
Apparently you want the emails to be owned by vmail:vmail, but you're
running deliver as something else than vmail and the resulting files
won't be owned by vmail:vmail..
So you're calling deliver wrong from Postfix. Your master.cf probably
has dovecot pipe, it should have user=vmail:vmail.