Wolfgang.Friebel at desy.de
2010-Jan-04  17:15 UTC
[Dovecot] managesieve does call a wrong chown
After upgrading from dovecot 1.2.3, managesieve 0.11.8, sieve 0.1.11 to
dovecot 1.2.9, managesieve 0.11.10 and sieve 0.1.14 users who do not have 
sieve rules yet and use managesieve for the first time do trigger error 
messages in the log file (for the authenticated user ggg in group syspr):
Jan  4 17:35:26 apollo dovecot: MANAGESIEVE(ggg): chown(/var/spool/sieve/ggg, -1, 0(root)) failed: Operation not permitted (egid=203(syspr))
Jan  4 17:35:26 apollo dovecot: MANAGESIEVE(ggg): sieve-storage: sieve_storage_verify_dir(/var/spool/sieve/ggg/tmp) failed: Operation not permitted
Jan  4 17:35:26 apollo dovecot: MANAGESIEVE(ggg): Fatal: Failed to create sieve storage with data: /var/spool/sieve/ggg
Anyway the filter rules get created (used avelsieve) and the filter does 
get compiled when the first mail hits the rule. Subsequent invocations of 
managesieve do not try to change the group ownership of the directory.
Looks like an annoyance only, but I would feel more comfortable w.o. the 
error messages.
the dovecot -n output:
# 1.2.9: /etc/dovecot.conf
# OS: Linux 2.6.18-164.6.1.el5 x86_64 Scientific Linux SL release 5.4 (Boron) 
protocols: imap imaps managesieve
listen(default): *
listen(imap): *
listen(managesieve): *:2009
shutdown_clients: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_processes_count: 5
login_max_processes_count: 512
verbose_proctitle: yes
mail_location: maildir:~/Maildir
mmap_disable: yes
fsync_disable: yes
lock_method: dotlock
maildir_copy_with_hardlinks: no
mbox_read_locks: dotlock flock
mbox_write_locks: dotlock flock
mail_drop_priv_before_exec: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota zlib acl imap_acl listescape
mail_plugins(imap): quota imap_quota zlib acl imap_acl listescape
mail_plugins(managesieve): 
mail_plugin_dir(default): /usr/lib64/dovecot/imap
mail_plugin_dir(imap): /usr/lib64/dovecot/imap
mail_plugin_dir(managesieve): /usr/lib64/dovecot/managesieve
imap_client_workarounds(default): delay-newmail netscape-eoh tb-extra-mailbox-sep outlook-idle
imap_client_workarounds(imap): delay-newmail netscape-eoh tb-extra-mailbox-sep outlook-idle
imap_client_workarounds(managesieve): 
namespace:
   type: private
   separator: /
   location: maildir:~/Maildir
   inbox: yes
   list: yes
   subscriptions: yes
namespace:
   type: private
   separator: /
   prefix: #mbox/
   location: mbox:~/mail:CONTROL=~/mboxctrl
   hidden: yes
   list: no
   subscriptions: yes
lda:
   postmaster_address: postmaster at ifh.de
   mail_plugins: sieve quota acl
   sieve_global_path: /var/spool/sieve/default.sieve
   quota_full_tempfail: yes
   auth_socket_path: /var/run/dovecot/auth-master
   fsync_disable: no
auth default:
   mechanisms: gssapi gss-spnego login plain
   realms: IFH.DE DESY.DE
   cache_size: 32
   passdb:
     driver: pam
     args: max_requests=1 cache_key=%u
   userdb:
     driver: passwd-file
     args: /etc/userdb
   socket:
     type: listen
     client:
       path: /var/run/dovecot/auth-client
       mode: 432
     master:
       path: /var/run/dovecot/auth-master
       mode: 438
plugin:
   quota: maildir:User Quota
   quota_rule: *:storage=1000MB
   quota_rule2: INBOX:storage=1000MB
   quota_rule3: Trash:ignore
   acl: vfile:/etc/dovecot-acls:cache_secs=300
   acl_shared_dict: file:/var/spool/shared/shared-mailboxes.db
   sieve_storage: /var/spool/sieve/%u
   sieve: /var/spool/sieve/%u.sieve
   quota_warning: storage=95%% /usr/local/bin/mailquota-warning.sh 95
   quota_warning2: storage=80%% /usr/local/bin/mailquota-warning.sh 80
   quota_warning3: storage=60%% /usr/local/bin/mailquota-warning.sh 60
-- 
Wolfgang Friebel                   Deutsches Elektronen-Synchrotron DESY
Phone/Fax:  +49 33762 77372/216    Platanenallee 6
Mail: Wolfgang.Friebel AT desy.de  D-15738 Zeuthen  Germany
Wolfgang.Friebel at desy.de
2010-Jan-06  14:54 UTC
[Dovecot] managesieve does call a wrong chown
On Mon, 4 Jan 2010, Wolfgang.Friebel at desy.de wrote:
> After upgrading from dovecot 1.2.3, managesieve 0.11.8, sieve 0.1.11 to
> dovecot 1.2.9, managesieve 0.11.10 and sieve 0.1.14 users who do not have
> sieve rules yet and use managesieve for the first time do trigger error
> messages in the log file (for the authenticated user ggg in group syspr):
>
> Jan 4 17:35:26 apollo dovecot: MANAGESIEVE(ggg): chown(/var/spool/sieve/ggg,
> -1, 0(root)) failed: Operation not permitted (egid=203(syspr))
> Jan 4 17:35:26 apollo dovecot: MANAGESIEVE(ggg): sieve-storage:
> sieve_storage_verify_dir(/var/spool/sieve/ggg/tmp) failed: Operation not
> permitted
> Jan 4 17:35:26 apollo dovecot: MANAGESIEVE(ggg): Fatal: Failed to create
> sieve storage with data: /var/spool/sieve/ggg
>

replying to my own mail :-)

I did try to look into the code and see where this chown(dir, -1, 0) is coming from. It looks like the call is in mkdir_chown invoked in dovecot-1.2-managesieve-0.11.10/src/lib-sievestorage/sieve-storage.c line 249. This piece of code is (if I understand it correctly) trying to set the group permissions according to the parent directory (assuming that the sieve storage is somewhere in the user's home dir).

I did however choose to have a different dir layout, the sieve storage is under /var/spool/sieve/ which has permissions 1777 and is owned by root:root. Therefore the chown(dir, -1, 0) call is failing, as the parent dir does not belong to the group of the user but to root. As the directory structure is nevertheless created (with the correct permissions), the next use of managesieve no longer complains about wrong permissions and managesieve is correctly working.

Should I change my choice of sieve_dir as suggested in the wiki:

# Directory for :personal include scripts. The default is to use home directory.
sieve_dir = %h/sieve

or is my setting a correct alternative?

Best regards
-- 
Wolfgang Friebel                   Deutsches Elektronen-Synchrotron DESY
Phone/Fax:  +49 33762 77372/216    Platanenallee 6
Mail: Wolfgang.Friebel AT desy.de  D-15738 Zeuthen  Germany
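
The permission rule behind the failing chown(dir, -1, 0) in the thread above, as an added example that is not part of the original messages and is not Dovecot's code. The function names group_chown_permitted and check_parent_dir are hypothetical, the uid 1000 is a constructed value, and the rule is the simplified Linux/POSIX one (capabilities are not modelled).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Would chown(path, -1, target_gid) succeed for the owner of path?
 * Simplified Linux/POSIX rule: root may set any group; an unprivileged
 * owner may only set its effective gid or one of its supplementary groups
 * (capabilities such as CAP_CHOWN are not modelled here). */
bool group_chown_permitted(uid_t euid, gid_t egid, const gid_t *groups,
                           size_t ngroups, gid_t target_gid)
{
    if (euid == 0 || target_gid == egid)
        return true;
    for (size_t i = 0; i < ngroups; i++)
        if (groups[i] == target_gid)
            return true;
    return false;
}

/* Apply the rule to a real parent directory using this process's
 * credentials: 1 = group can be inherited, 0 = chown would fail with
 * EPERM, -1 = stat()/getgroups() error. */
int check_parent_dir(const char *parent)
{
    struct stat st;
    gid_t groups[256];              /* more than 256 groups -> -1 */
    int n;

    if (stat(parent, &st) < 0)
        return -1;
    if ((n = getgroups(256, groups)) < 0)
        return -1;
    return group_chown_permitted(geteuid(), getegid(), groups, (size_t)n,
                                 st.st_gid) ? 1 : 0;
}

int main(int argc, char **argv)
{
    /* Thread's case: egid 203 (syspr), parent owned by group 0 (root).
     * uid 1000 is a constructed value; the log does not show the uid. */
    printf("thread case permitted: %d\n",
           group_chown_permitted(1000, 203, NULL, 0, 0));
    if (argc > 1)
        printf("%s: %d\n", argv[1], check_parent_dir(argv[1]));
    return 0;
}
```

Run as the mail user with the parent of the sieve storage as argument (for the layout in the thread, /var/spool/sieve) to see whether inheriting the parent's group would be permitted.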