dovecot - Jun 2010 - Shared Mailbox Questions

Hi All, 

I've pored over the wiki, read through the archive, and have what I believe
should be a working set-up, but I can't seem to get my shared namespace to
work correctly. Any guidance would be much appreciated.

I started off using a flat file for acl_shared_dict and ran into the same
problem recently reported with the shared-database file getting chown'd to
the first user to touch it with 0600 permissions. So I thought I'd give it a
whirl with sqlite.

Here are the (hopefully) relevant bits from dovecot -n (the entire output is
posted below). This is dovecot 1.2.9 running on a freshly installed ubuntu 10.4
server:

namespace: 
  type: shared 
  separator: / 
  prefix: shared/%%u/ 
  location: maildir:/home/staff/%%n/Maildir:INDEX=~/Maildir/shared/%%u 
  list: children 
plugin: 
  acl_shared_dict: proxy::acl 
dict: 
  acl: sqlite:/etc/dovecot/acl-shared-dict.conf 

acl-shared-dict.conf looks like this: 

connect = /home/staff/dovecot/acl-shared-ns.sqlite 

map { 
  table = acl_shared_ns 
  pattern = shared/shared-boxes/user/$to/$from 
  value_field = has_visible_folders 
  fields { 
    from_user = $from 
    to_user = $to 
  } 
} 

/home/staff/dovecot/acl-shared-ns.sqlite is set 0666, and I can add records to
it from the sqlite command line as a normal user. The table was created with:

CREATE TABLE acl_shared_ns (from_user, to_user, has_visible_folders, PRIMARY KEY
(from_user) ON CONFLICT REPLACE);

When I attempt to SETACL from a telnet imap session, I get the following errors
in mail.err:

Jun  9 22:10:23 imap2 dovecot: dict: dict sql iterate failed: file is encrypted
or is not a database
Jun  9 22:10:23 imap2 dovecot: dict: dict sql iterate failed: file is encrypted
or is not a database
Jun  9 22:10:23 imap2 dovecot: dict: sqlite: exec(INSERT INTO acl_shared_ns
(has_visible_folders,to_user,from_user) VALUES
('1','chobbs','IOchoa')) failed: file is encrypted or is
not a database (26)
Jun  9 22:10:23 imap2 dovecot: IMAP(IOchoa): read(/var/run/dovecot/dict-server)
failed: Remote disconnected
Jun  9 22:10:23 imap2 dovecot: IMAP(IOchoa): acl: dict commit failed 
Jun  9 22:10:23 imap2 dovecot: dovecot: child 8268 (dict) killed with signal 11
(core dumps disabled)

Running that same "INSERT INTO..." as the IOchoa user from the sqlite
command line works just fine.

At this point any further deleteacl or setacl commands simply hang, presumably
because there's no longer a running dict process.

Here is the entire output of dovecot -n: 

# 1.2.9: /etc/dovecot/dovecot.conf 
# OS: Linux 2.6.32-22-server x86_64 Ubuntu 10.04 LTS 
log_timestamp: %Y-%m-%d %H:%M:%S 
protocols: imap imaps pop3 pop3s managesieve 
listen(default): * 
listen(imap): * 
listen(pop3): * 
listen(managesieve): *:2000 
disable_plaintext_auth: no 
login_dir: /var/run/dovecot/login 
login_executable(default): /usr/lib/dovecot/imap-login 
login_executable(imap): /usr/lib/dovecot/imap-login 
login_executable(pop3): /usr/lib/dovecot/pop3-login 
login_executable(managesieve): /usr/lib/dovecot/managesieve-login 
mail_privileged_group: mail 
mail_uid: mail 
mail_gid: mail 
mail_location: maildir:~/Maildir 
mmap_disable: yes 
mail_nfs_storage: yes 
mail_nfs_index: yes 
mbox_write_locks: fcntl dotlock 
mail_executable(default): /usr/lib/dovecot/imap 
mail_executable(imap): /usr/lib/dovecot/imap 
mail_executable(pop3): /usr/lib/dovecot/pop3 
mail_executable(managesieve): /usr/lib/dovecot/managesieve 
mail_plugins(default): acl imap_acl 
mail_plugins(imap): acl imap_acl 
mail_plugins(pop3): 
mail_plugins(managesieve): 
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap 
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap 
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 
mail_plugin_dir(managesieve): /usr/lib/dovecot/modules/managesieve 
namespace: 
  type: private 
  separator: / 
  inbox: yes 
  list: yes 
  subscriptions: yes 
namespace: 
  type: shared 
  separator: / 
  prefix: shared/%%u/ 
  location: maildir:/home/staff/%%n/Maildir:INDEX=~/Maildir/shared/%%u 
  list: children 
lda: 
  deliver_log_format: %$ -- FROM=%f SUBJECT=%s 
  mail_plugins: cmusieve acl 
  log_path: 
  info_log_path: 
  syslog_facility: mail 
  postmaster_address: postmaster at nhusd.k12.ca.us 
  hostname: mail.nhusd.k12.ca.us 
auth default: 
  passdb: 
    driver: pam 
  passdb: 
    driver: ldap 
    args: /etc/dovecot/dovecot-ldap.conf 
  userdb: 
    driver: passwd 
  userdb: 
    driver: ldap 
    args: /etc/dovecot/dovecot-ldap.conf 
plugin: 
  acl: vfile 
  acl_shared_dict: proxy::acl 
  sieve: ~/.dovecot.sieve 
  sieve_dir: ~/sieve 
dict: 
  acl: sqlite:/etc/dovecot/acl-shared-dict.conf 
Chris Hobbs
Director, Technology
New Haven Unified School District




--
This message was scanned by ESVA and is believed to be clean.

On ke, 2010-06-09 at 22:19 -0700, Chris Hobbs wrote:
> I started off using a flat file for acl_shared_dict and ran into the same
problem recently reported with the shared-database file getting chown'd to
the first user to touch it with 0600 permissions.
Well, no one reported that they were getting this error:

Error: fchown(/var/lib/dovecot/shared-mailboxes.lock, -1, 1002) failed:
Operation not permitted

That's the only reason I can think of why preserving the permissions
wouldn't work. Fixed now:
http://hg.dovecot.org/dovecot-1.2/rev/0b0cb71aea03
> Jun  9 22:10:23 imap2 dovecot: dict: dict sql iterate failed: file is
encrypted or is not a database
I don't know about this..