Alexander 'Leo' Bergolth
2018-Jul-01 09:19 UTC
permissions of newly created mailboxes only with dovecot-lda and posix acls
Hi!

I am experiencing troubles concerning the inheritance of the setgid bit if a new mailbox is created with dovecot-lda. If it is created with dovecot/imap, everything works fine.

dovecot-lda is called from postfix like this:
----------
mailbox_command = /usr/local/sbin/postfix-lda.sh
----------
logger -p mail.info -t postfix-lda "H: $HOME, S: $SENDER, R: $RECIPIENT, U: $(umask), id: $(/bin/id); $@"
dovecot-lda -f "$SENDER" -a "$RECIPIENT" -onamespace/inbox/location=maildir:~/Maildir:LAYOUT=fs:FULLDIRNAME=__MAILBOX__
----------

If a mailbox is created with dovecot-lda (sieve), permissions look like that:

$ ls -ld Maildir Maildir/2018-q3 Maildir/2018-q3/__MAILBOX__
drwxrws---+ 49 leo leo   4096 Jul 1 09:53 Maildir
drwxrwx---+  3 leo leo     24 Jul 1 09:40 Maildir/2018-q3
drwxrwx---+  2 leo staff    6 Jul 1 09:40 Maildir/2018-q3/__MAILBOX__

-> The setgid bit of Maildir is not honored and dovecot complains:

Jul 1 09:40:42 strike postfix-lda: H: /home/leo, S: testerl at strike.wu.ac.at, R: leo at strike.wu.ac.at, umask: 0077, id: uid=500(leo) gid=500(staff) groups=500(staff);
Jul 1 09:40:42 strike dovecot: lda(leo): Error: fchown(/home/leo/Maildir/2018-q3/__MAILBOX__/cur, group=501(leo)) failed: Operation not permitted (egid=500(staff), group based on /home/leo/Maildir/2018-q3 - see http://wiki2.dovecot.org/Errors/ChgrpNoPerm)
Jul 1 09:40:42 strike dovecot: lda(leo): Error: mkdir(/home/leo/Maildir/2018-q3/__MAILBOX__/cur) failed: Operation not permitted
Jul 1 09:40:42 strike dovecot: lda(leo): Error: sieve: msgid=<20180701074042.1B1241CFB78 at strike.wu.ac.at>: failed to store into mailbox '2018-q3': Internal error occurred. Refer to server log for more information. [2018-07-01 09:40:42]

If I create a mailbox with imap, everything works as expected:

$ ls -ld Maildir/permtest Maildir/permtest/__MAILBOX__
drwxrws---+ 3 leo leo  24 Jul 1 09:51 Maildir/permtest
drwxrws---+ 5 leo leo 108 Jul 1 09:51 Maildir/permtest/__MAILBOX__

mkdir from a shell also works fine.

The problem seems to be connected to the Posix ACLs that are set on Maildir:

$ getfacl Maildir
# file: Maildir
# owner: leo
# group: leo
# flags: -s-
user::rwx
user:bergolth:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:user:bergolth:rwx
default:group::rwx
default:mask::rwx
default:other::--x

If I remove all Posix ACLs using setfacl -b Maildir, creation of new mailboxes works fine also with dovecot-lda.

Why is dovecot-lda behaving differently if Posix-ACLs are set on Maildir? And why isn't dovecot imap affected?

Any help would be greatly appreciated, I am actually clueless!

Cheers,
--leo

dovecot-2.2.32-1leo.el7.centos.x86_64
dovecot-pigeonhole-2.2.32-1leo.el7.centos.x86_64
postfix-2.10.1-6.el7.x86_64

# uname -r
4.4.138-1.el7.elrepo.x86_64

--
e-mail   ::: Leo.Bergolth (at) wu.ac.at
fax      ::: +43-1-31336-906050
location ::: IT-Services | Vienna University of Economics | Austria
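
Added example, not part of the original message and not dovecot code: a shell check that walks a Maildir tree and lists every directory that no longer carries the top directory's group or setgid bit, which is the state the ls output above shows for 2018-q3 and __MAILBOX__. The function names are hypothetical, and it assumes the whole tree is meant to inherit the root's group and g+s.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of dovecot.
# Assumption: every directory below ROOT is meant to carry ROOT's group
# and the setgid bit (as with the drwxrws--- Maildir in the post).

# Numeric group id of a path (4th field of "ls -ldn" is POSIX-portable;
# the trailing "+" that marks an ACL stays in the 1st field).
gid_of() { ls -ldn -- "$1" | awk '{print $4}'; }

# check_setgid_tree ROOT
# Prints one line per directory that broke inheritance.
# Returns 0 = consistent, 1 = mismatches found, 2 = ROOT unusable.
check_setgid_tree() {
    root=$1
    if [ ! -d "$root" ] || [ ! -g "$root" ]; then
        echo "ROOT   $root is not a setgid directory" >&2
        return 2
    fi
    want=$(gid_of "$root")
    report=$(
        find "$root" -type d | while IFS= read -r dir; do
            have=$(gid_of "$dir")
            if [ "$have" != "$want" ]; then
                # Wrong group: created with the process's egid instead
                echo "GROUP  $dir gid=$have expected=$want"
            elif [ ! -g "$dir" ]; then
                # Right group, but children will not inherit it any more
                echo "SETGID $dir has the right group but lost g+s"
            fi
        done
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}
```

Source the file and run `check_setgid_tree ~/Maildir` after a delivery; a GROUP line means the directory was created with the delivering process's effective gid rather than the inherited one.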