Geoff Sweet
2009-Dec-23 20:18 UTC
[Dovecot] Permissions errors while reading messages via IMAP
Greetings all,

I have been trying to set up a new system using Postfix and Dovecot to manage email for a bunch of virtual domains. So far everything is great, and I am now at the point where I am trying to build a webmail interface for the system. I'm using RoundCube for now. The tutorial I have been working from is here:

http://workaround.org/articles/ispmail-etch/

Which seems to be a decent enough read. At this point I can log in without issue but I can't see any mail messages. When I log in, dovecot throws errors like this:

Dec 23 12:08:49 mail1 dovecot: auth(default): client out: OK 1 user=geoff.sweet at test.com
Dec 23 12:08:49 mail1 dovecot: auth(default): master in: REQUEST 1 4312 1
Dec 23 12:08:49 mail1 dovecot: auth(default): master out: USER 1 geoff.sweet at test.com uid=5000 gid=5000 home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Effective uid=5000, gid=5000, home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir: data=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir++: root=/home/vmail/test.com/geoff.sweet/Maildir, index=, control=, inbox=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: imap-login: Login: user=<geoff.sweet at test.com>, method=PLAIN, rip=192.168.20.11, lip=192.168.20.12
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Disconnected: Logged out bytes=39/431
Dec 23 12:08:49 mail1 dovecot: auth(default): new auth connection: pid=4315
Dec 23 12:08:49 mail1 dovecot: auth-worker(default): sql(geoff.sweet at test.com,192.168.20.11): query: SELECT email as user, password FROM view_mailboxes WHERE email='geoff.sweet at test.com';
Dec 23 12:08:49 mail1 dovecot: auth(default): client in: AUTH 1 PLAIN service=imap lip=192.168.20.12 rip=192.168.20.11 lport=143 rport=43878 resp=AGdlb2ZmLnN3ZWV0QHdob290aXMuY29tAGJvYjEyMzQ1
Dec 23 12:08:49 mail1 dovecot: auth(default): client out: OK 1 user=geoff.sweet at test.com
Dec 23 12:08:49 mail1 dovecot: auth(default): master in: REQUEST 2 4311 1
Dec 23 12:08:49 mail1 dovecot: auth(default): master out: USER 2 geoff.sweet at test.com uid=5000 gid=5000 home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: imap-login: Login: user=<geoff.sweet at test.com>, method=PLAIN, rip=192.168.20.11, lip=192.168.20.12
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Effective uid=5000, gid=5000, home=/home/vmail/test.com/geoff.sweet
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir: data=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): maildir++: root=/home/vmail/test.com/geoff.sweet/Maildir, index=, control=, inbox=/home/vmail/test.com/geoff.sweet/Maildir
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): Namespace : Using permissions from /home/vmail/test.com/geoff.sweet/Maildir: mode=0700 gid=-1
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)
Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot-uidlist) failed: Permission denied
Dec 23 12:08:49 mail1 last message repeated 2 times

There is some permission issue that allows dovecot to deliver email to the /home/vmail location (I dislike this location and want to change it) via the dovecot LDA process, but then not be able to read it when accessed via IMAP. I'm very confused lol.

Dovecot version 1.2.9

dovecot -n:

# 1.2.9: /etc/dovecot.conf
# OS: Linux 2.6.18-164.6.1.el5 i686 CentOS release 5.4 (Final) ext3
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_greeting: Dovecot ready.
mail_location: maildir:/home/vmail/%d/%n/Maildir
mail_debug: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
lda:
  log_path: /home/vmail/dovecot-deliver.log
  auth_socket_path: /var/run/dovecot/auth-master
  postmaster_address: postmaster at test.com
  mail_plugins:
  global_script_path: /home/vmail/globalsieverc
auth default:
  mechanisms: plain login
  debug: yes
  debug_passwords: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: static
    args: uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
Timo Sirainen
2009-Dec-23 21:03 UTC
[Dovecot] Permissions errors while reading messages via IMAP
On Wed, 2009-12-23 at 12:18 -0800, Geoff Sweet wrote:
> Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)
..
> There is some permission issue that allows dovecot to deliver email to the /home/vmail location (I dislike this location and want to change it) via the dovecot LDA process, but then not be able to read it when accessed via IMAP. I'm very confused lol.

Apparently you want the emails to be owned by vmail:vmail, but you're running deliver as something else than vmail and the resulting files won't be owned by vmail:vmail.. So you're calling deliver wrong from Postfix. Your master.cf probably has dovecot pipe, it should have user=vmail:vmail.
Geoff Sweet
2009-Dec-23 21:13 UTC
[Dovecot] Permissions errors while reading messages via IMAP
Delivery doesn't seem to be the issue. The issue appears to be reading the mail later on. Here is my master.cf line for dovecot:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -d ${recipient}

and as you can see, the files in the delivery location have the correct permissions for being delivered by user "vmail":

# ls -la
total 64
drwx------ 5 vmail vmail 4096 Dec 23 12:11 .
drwx------ 3 vmail vmail 4096 Dec 21 17:41 ..
drwx------ 2 vmail vmail 4096 Dec 21 17:41 cur
-rw------- 1 vmail vmail  224 Dec 22 00:01 dovecot.index
-rw------- 1 vmail vmail  572 Dec 23 11:51 dovecot.index.log
-rw------- 1 vmail vmail  472 Dec 23 11:51 dovecot-uidlist
drwx------ 2 vmail vmail 4096 Dec 23 11:51 new
drwx------ 2 vmail vmail 4096 Dec 23 11:51 tmp

The errors appear when I log in via IMAP and try to read the messages.

-Geoff

________________________________________
From: Timo Sirainen [tss at iki.fi]
Sent: Wednesday, December 23, 2009 1:03 PM
To: Geoff Sweet
Cc: dovecot at dovecot.org
Subject: Re: [Dovecot] Permissions errors while reading messages via IMAP

On Wed, 2009-12-23 at 12:18 -0800, Geoff Sweet wrote:
> Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sweet at test.com): open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: /home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)
..
> There is some permission issue that allows dovecot to deliver email to the /home/vmail location (I dislike this location and want to change it) via the dovecot LDA process, but then not be able to read it when accessed via IMAP. I'm very confused lol.

Apparently you want the emails to be owned by vmail:vmail, but you're running deliver as something else than vmail and the resulting files won't be owned by vmail:vmail.. So you're calling deliver wrong from Postfix. Your master.cf probably has dovecot pipe, it should have user=vmail:vmail.
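
An added example, not part of the thread and not Dovecot code: a Python check that parses the "Permission denied" line format quoted above and tests each path component's owner/group/other bits against the euid/egid Dovecot reports. The function names and the sample line are constructed; supplementary groups, ACLs and root's override are not considered.

```python
import os
import re

# Constructed sample in the format of the error quoted in the thread.
SAMPLE = ("Dec 23 12:08:49 mail1 dovecot: IMAP(user@example.test): "
          "open(/home/vmail/example.test/user/Maildir/dovecot.index.log) failed: "
          "Permission denied (euid=5000(vmail) egid=5000(vmail) missing +r perm: "
          "/home/vmail/example.test/user/Maildir/dovecot.index.log)")

DENIAL = re.compile(r"open\((?P<path>[^)]+)\) failed: Permission denied "
                    r"\(euid=(?P<uid>\d+)\(\w*\) egid=(?P<gid>\d+)\(\w*\)")

def parse_denial(line):
    """Return (path, euid, egid) from a Dovecot permission error, or None."""
    m = DENIAL.search(line)
    return (m["path"], int(m["uid"]), int(m["gid"])) if m else None

def class_bits(st, uid, gid):
    """rwx bits that apply to uid/gid: owner first, then group, then other."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid == gid:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_path(path, uid, gid, start="/"):
    """List (component, problem) for every component below `start` that
    uid/gid cannot search (directories) or read (the final file)."""
    problems, cur = [], start
    parts = os.path.relpath(path, start).split(os.sep)
    for i, part in enumerate(parts):
        cur = os.path.join(cur, part)
        try:
            st = os.stat(cur)
        except OSError as exc:  # missing component, or the auditor itself is blocked
            problems.append((cur, exc.strerror))
            break
        last = i == len(parts) - 1
        if not class_bits(st, uid, gid) & (4 if last else 1):
            problems.append((cur, "no +r" if last else "no +x"))
    return problems

if __name__ == "__main__":
    path, uid, gid = parse_denial(SAMPLE)
    for component, problem in audit_path(path, uid, gid):
        print(f"{component}: {problem} for uid={uid} gid={gid}")
```

An empty result means the owner/group/other bits permit the access for that uid/gid, so the denial has to come from something those bits do not describe.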