* Timo Sirainen <tss at iki.fi> 2015.09.08 12:20:

> How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389
>
> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there.

$ doveadm mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015
doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied

Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough:

Sep 8 13:19:07 nihlus dovecot: auth: Debug: master in: USER#0111#011tlx at leuxner.net#011service=doveadm
Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(tlx at leuxner.net): userdb cache miss
Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file /var/vmail/auth.d/leuxner.net/passwd: Read 1 users in 0 secs
Sep 8 13:19:07 nihlus dovecot: auth: Debug: passwd-file(tlx at leuxner.net): lookup: user=tlx at leuxner.net file=/var/vmail/auth.d/leuxner.net/passwd
Sep 8 13:19:07 nihlus dovecot: auth: Debug: userdb out: USER#0111#011tlx at leuxner.net#011uid=5000#011gid=5000#011home=/var/vmail/domains/leuxner.net/tlx#011quota_rule=*:storage=5G#011acl_groups=PublicMailboxAdmins

With IMAP it is more talkative:

3 create "Public/Archive/Mailing-Lists/Dovecot/2015"

Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%)
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: dict quota: user=tlx at leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt=
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: owner = 1
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: owner = 0
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt=
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: owner = 1
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:07:13 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/domains/leuxner.net/tlx/mdbox/mailboxes/dovecot-acl not found
Sep 8 13:07:13 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace : Using permissions from /var/vmail/domains/leuxner.net/tlx/mdbox: mode=0700 gid=default
Sep 8 13:07:13 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace Public/: Using permissions from /var/vmail/public: mode=0700 gid=default
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Namespace Public/: /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015 doesn't exist yet, using default permissions
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/dbox-Mails/dovecot-acl not found
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found

# 2.2.18 (500e8dd7a389): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.8
# OS: Linux 3.16.0-4-amd64 x86_64 Debian 8.2
auth_cache_size = 16 k
auth_debug = yes
auth_verbose = yes
deliver_log_format = msgid=%m, time=%{delivery_time}ms, status=%$
hostname = host.domain.tld
imap_hibernate_timeout = 1 mins
imap_id_log = *
imap_logout_format = in=%i out=%o hdr=%{fetch_hdr_count} body=%{fetch_body_count} del=%{deleted} exp=%{expunged} trash=%{trashed}
mail_debug = yes
mail_location = mdbox:~/mdbox
mail_plugins = acl quota stats zlib virtual
mailbox_list_index = yes
namespace {
  list = yes
  location = mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
  prefix = Public/
  separator = /
  subscriptions = no
  type = public
}
namespace {
  location = virtual:~/mdbox/virtual
  prefix = Virtual/
  separator = /
}
namespace inbox {
  hidden = no
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
  separator = /
  type = private
}
passdb {
  args = username_format=%u /var/vmail/auth.d/%d/passwd
  driver = passwd-file
}
plugin {
  acl = vfile:/var/vmail/conf.d/%d/global-acl:cache_secs=300
  mail_log_events = expunge mailbox_delete
  quota = dict:user::file:%h/mdbox/dovecot-quota
  quota_grace = 10%%
  quota_rule = *:storage=1GB
  quota_rule2 = Trash:storage=+10%%
  quota_status_nouser = DUNNO
  quota_status_success = DUNNO
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_global_dir = /var/vmail/conf.d/%d/sieve
  stats_refresh = 30s
  stats_track_cmds = yes
  zlib_save = gz
  zlib_save_level = 6
}
protocols = " imap lmtp"
quota_full_tempfail = yes
service auth-worker {
  unix_listener auth-worker {
    user = doveauth
  }
  user = doveauth
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = doveauth
}
service imap-hibernate {
  unix_listener imap-hibernate {
    user = vmail
  }
}
service imap-login {
  inet_listener imap {
    address = 1.2.3.4
    port = 143
    reuse_port = yes
  }
  inet_listener imaps {
    port = 0
  }
  process_min_avail = 8
}
service imap {
  unix_listener imap-master {
    user = dovecot
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service quota-status {
  client_limit = 1
  executable = quota-status -p postfix
  unix_listener /var/spool/postfix/private/quota-status {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service stats {
  fifo_listener stats-mail {
    mode = 0600
    user = vmail
  }
}
ssl_ca = </etc/ssl/certs/Comodo_RSA_Domain_Validation_SHA-2_Intermediates_CA_Bundle.crt
ssl_cert = </etc/ssl/certs/host_domain_tld.crt
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/host_domain_tld.key
ssl_protocols = !SSLv2 !SSLv3
syslog_facility = local1
userdb {
  args = username_format=%u /var/vmail/auth.d/%d/passwd
  driver = passwd-file
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = acl quota stats zlib virtual sieve
}
protocol imap {
  mail_max_userip_connections = 20
  mail_plugins = acl quota stats zlib virtual mail_log notify imap_acl imap_quota imap_stats
}
On 09/08/2015 02:26 PM, Thomas Leuxner wrote:
> * Timo Sirainen <tss at iki.fi> 2015.09.08 12:20:
>
>> How does the PublicMailboxAdmins group get set? Looks to me like the problem is that it's not getting set to doveadm. Here's an easy way to check if that's the problem or something else: http://hg.dovecot.org/dovecot-2.2/rev/500e8dd7a389
>>
>> If that doesn't help: Show your full doveconf -n, set auth_debug=yes and mail_debug=yes and show the debug logs for IMAP login and doveadm. There's a difference somewhere in there.
>
> $ doveadm mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015
> doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied
>
> Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough:

With doveadm you need to give -D parameter for it to log debug output.
* Timo Sirainen <tss at iki.fi> 2015.09.08 14:28:

> > Both debug levels raised, it doesn't log about the problem when using doveadm. I guess the patch is not enough:
>
> With doveadm you need to give -D parameter for it to log debug output.

Comparing this to the previous imap log it does seem to ignore the global ACL pattern:

$ doveadm -D mailbox create -u tlx at leuxner.net Public/Archive/Mailing-Lists/Dovecot/2015
Debug: Loading modules from directory: /usr/lib/dovecot/modules
Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib10_quota_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib20_virtual_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib20_zlib_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/lib90_stats_plugin.so
Debug: Loading modules from directory: /usr/lib/dovecot/modules/doveadm
Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_acl_plugin.so
Debug: Skipping module doveadm_expire_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_expire_plugin.so: undefined symbol: expire_set_deinit (this is usually intentional, so just ignore this message)
Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_quota_plugin.so
Debug: Module loaded: /usr/lib/dovecot/modules/doveadm/lib10_doveadm_sieve_plugin.so
Debug: Skipping module doveadm_fts_lucene_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_lucene_plugin.so: undefined symbol: lucene_index_iter_deinit (this is usually intentional, so just ignore this message)
Debug: Skipping module doveadm_fts_plugin, because dlopen() failed: /usr/lib/dovecot/modules/doveadm/lib20_doveadm_fts_plugin.so: undefined symbol: fts_backend_rescan (this is usually intentional, so just ignore this message)
doveadm(tlx at leuxner.net): Debug: auth input: tlx at leuxner.net quota_rule=*:storage=5G acl_groups=PublicMailboxAdmins uid=5000 gid=5000 home=/var/vmail/domains/leuxner.net/tlx
doveadm(tlx at leuxner.net): Debug: Added userdb setting: plugin/acl_groups=PublicMailboxAdmins
doveadm(tlx at leuxner.net): Debug: Added userdb setting: plugin/quota_rule=*:storage=5G
doveadm(tlx at leuxner.net): Debug: Effective uid=5000, gid=5000, home=/var/vmail/domains/leuxner.net/tlx
doveadm(tlx at leuxner.net): Debug: acl: No acl_shared_dict setting - shared mailbox listing is disabled
doveadm(tlx at leuxner.net): Debug: Quota root: name=user backend=dict args=:file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota
doveadm(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=* bytes=5368709120 messages=0
doveadm(tlx at leuxner.net): Debug: Quota rule: root=user mailbox=Trash bytes=+536870912 (10%) messages=0
doveadm(tlx at leuxner.net): Debug: Quota grace: root=user bytes=536870912 (10%)
doveadm(tlx at leuxner.net): Debug: dict quota: user=tlx at leuxner.net, uri=file:/var/vmail/domains/leuxner.net/tlx/mdbox/dovecot-quota, noenforcing=0
doveadm(tlx at leuxner.net): Debug: Namespace inbox: type=private, prefix=, sep=/, inbox=yes, hidden=no, list=yes, subscriptions=yes location=mdbox:~/mdbox
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox, index=, indexpvt=, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 1
doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: Namespace : type=public, prefix=Public/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=no location=mdbox:/var/vmail/public:INDEXPVT=~/mdbox/public
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/public, index=, indexpvt=/var/vmail/domains/leuxner.net/tlx/mdbox/public, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 0
doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: Namespace : type=private, prefix=Virtual/, sep=/, inbox=no, hidden=no, list=yes, subscriptions=yes location=virtual:~/mdbox/virtual
doveadm(tlx at leuxner.net): Debug: fs: root=/var/vmail/domains/leuxner.net/tlx/mdbox/virtual, index=, indexpvt=, control=, inbox=, alt=
doveadm(tlx at leuxner.net): Debug: acl: initializing backend with data: vfile:/var/vmail/conf.d/leuxner.net/global-acl:cache_secs=300
doveadm(tlx at leuxner.net): Debug: acl: acl username = tlx at leuxner.net
doveadm(tlx at leuxner.net): Debug: acl: owner = 1
doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/dovecot-acl not found
doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied
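
The by-hand comparison of the IMAP and doveadm debug logs in the message above can be mechanised. The following is an added example, not part of the thread or of Dovecot: it strips the syslog and service prefixes, collapses paths and mailbox names, and reports which kinds of log event appear in one run but never in the other. The function names and the embedded sample (a few lines copied from the two logs in this thread) are constructed for the illustration.

```python
import re
from collections import Counter

# Constructed input: a few lines copied from the two debug logs in this thread
# (the IMAP CREATE, and the doveadm -D mailbox create that was denied).
IMAP_LOG = """\
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
Sep 8 13:06:29 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: Mailbox 'Public/Archive/Mailing-Lists/Dovecot/2015' matches global ACL pattern 'Public/*'
Sep 8 13:07:42 nihlus dovecot: imap(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/Archive/Mailing-Lists/Dovecot/2015/dbox-Mails/dovecot-acl not found
"""
DOVEADM_LOG = """\
Debug: Module loaded: /usr/lib/dovecot/modules/lib01_acl_plugin.so
doveadm(tlx at leuxner.net): Debug: acl: group added: PublicMailboxAdmins
doveadm(tlx at leuxner.net): Debug: acl vfile: Global ACL file: /var/vmail/conf.d/leuxner.net/global-acl
doveadm(tlx at leuxner.net): Debug: acl vfile: file /var/vmail/public/mailboxes/dovecot-acl not found
doveadm(tlx at leuxner.net): Error: Can't create mailbox Public/Archive/Mailing-Lists/Dovecot/2015: Permission denied
"""

# "<service>(<user>): <Level>: <message>", with or without a syslog prefix.
LINE = re.compile(r"(?:imap|doveadm)\([^)]*\): (Debug|Error|Warning|Info): (.*)$")
ABS_PATH = re.compile(r"(?<!\S)/\S+")      # whitespace-delimited absolute paths
MAILBOX = re.compile(r"Mailbox '[^']*'")   # the mailbox name varies per lookup

def event_kinds(log: str) -> Counter:
    """Count per-session log events after removing run-specific details."""
    kinds = Counter()
    for raw in log.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # module loading, auth process lines, blank lines
        level, msg = m.groups()
        msg = ABS_PATH.sub("<path>", msg)
        msg = MAILBOX.sub("Mailbox '<mbox>'", msg)
        kinds[f"{level}: {msg}"] += 1
    return kinds

def only_in(a: str, b: str) -> list:
    """Event kinds that occur in log a but never in log b."""
    return sorted(set(event_kinds(a)) - set(event_kinds(b)))

if __name__ == "__main__":
    for kind in only_in(IMAP_LOG, DOVEADM_LOG):
        print("IMAP only:   ", kind)
    for kind in only_in(DOVEADM_LOG, IMAP_LOG):
        print("doveadm only:", kind)
```
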