thr3ads.net - dovecot - Permission denied UNIX perms appear ok (ACL/MAC wrong?)) [Aug 2022]

If this information is useful, please help other people find it:
Share via:

Austin Witmer

2022-Aug-20 18:09 UTC

Permission denied UNIX perms appear ok (ACL/MAC wrong?))

And no, I don?t think I am using ACL?s.

getfacl austin /mnt/volume1/mailserver/plain/maildir/
getfacl: austin: No such file or directory
getfacl: Removing leading '/' from absolute path names
# file: mnt/volume1/mailserver/plain/maildir/
# owner: austin
# group: austin
user::rwx
group::rwx
other::r--

Austin Witmer 
> On Aug 20, 2022, at 11:15 AM, spi <spi at nurfuerspam.de> wrote:
> 
> ?
>> Am 20.08.22 um 16:52 schrieb Austin Witmer:
>> Hello all!
>> 
>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
>> then I am periodically getting some dovecot errors like the below in
>> my mail log. As far as I can tell, my unix perms are just fine. What
>> is ACL/MAC?
>> 
>> Aug 20 14:41:58 mail dovecot:
>> imap(user at domain.com)<56316><1NieGKPmuOdKwxVI>: Error:
Mailbox INBOX:
>>
stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> <http://domain.com/user/dovecot.index.log>) failed: Permission
denied
>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
>> wrong?))
>> 
>> And here is the listing showing the permissions for that file.
>> 
>> *austin at mail*:*~*$ ls -la
>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> <http://domain.com/user/dovecot.index.log>
>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
>>
*/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> <http://domain.com/user/dovecot.index.log>*
>> 
>> What in the world is causing these errors, and what can I do about
them?
>> 
>> Thanks in advance!
>> 
>> Austin Witmer
> 
> 
> Do you use any ACLs? Is this just a block device mounted or do you use
> any network file sharing like nfs?
> 
> ACLs you can check by 'getfacl foo'.
> 
> --
> Cheers
> spi

Austin Witmer

2022-Aug-23 11:52 UTC

head link

Permission denied UNIX perms appear ok (ACL/MAC wrong?))

Here is the output of dovecot -n

austin at mail:~$ doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-46-generic x86_64 Ubuntu 22.04.1 LTS 
# Hostname: mail
auth_mechanisms = plain login
listen = *
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve =
file:/mnt/volume1/mailserver/plain/sieve/%d/%n/scripts;active=/mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
  sieve_before = /var/lib/dovecot/sieve/
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  sieve_user_log =
file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
}
protocols = imap lmtp pop3 imap lmtp sieve pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lmtp {
  hostname = mail.mydomain.com
  mail_plugins = " sieve"
  postmaster_address = postmaster at mydomain.com
}
protocol lda {
  mail_plugins = " sieve"
}


Austin Witmer

> On Aug 20, 2022, at 12:09 PM, Austin Witmer <austin96 at
emypeople.net> wrote:
> 
> And no, I don?t think I am using ACL?s.
> 
> getfacl austin /mnt/volume1/mailserver/plain/maildir/
> getfacl: austin: No such file or directory
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/volume1/mailserver/plain/maildir/
> # owner: austin
> # group: austin
> user::rwx
> group::rwx
> other::r--
> 
> Austin Witmer 
> 
>> On Aug 20, 2022, at 11:15 AM, spi <spi at nurfuerspam.de> wrote:
>> 
>> ?
>>> Am 20.08.22 um 16:52 schrieb Austin Witmer:
>>> Hello all!
>>> 
>>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever
since
>>> then I am periodically getting some dovecot errors like the below
in
>>> my mail log. As far as I can tell, my unix perms are just fine.
What
>>> is ACL/MAC?
>>> 
>>> Aug 20 14:41:58 mail dovecot:
>>> imap(user at domain.com)<56316><1NieGKPmuOdKwxVI>:
Error: Mailbox INBOX:
>>>
stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>> <http://domain.com/user/dovecot.index.log>) failed:
Permission denied
>>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
>>> wrong?))
>>> 
>>> And here is the listing showing the permissions for that file.
>>> 
>>> *austin at mail*:*~*$ ls -la
>>>
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>> <http://domain.com/user/dovecot.index.log>
>>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
>>>
*/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>> <http://domain.com/user/dovecot.index.log>*
>>> 
>>> What in the world is causing these errors, and what can I do about
them?
>>> 
>>> Thanks in advance!
>>> 
>>> Austin Witmer
>> 
>> 
>> Do you use any ACLs? Is this just a block device mounted or do you use
>> any network file sharing like nfs?
>> 
>> ACLs you can check by 'getfacl foo'.
>> 
>> --
>> Cheers
>> spi
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://dovecot.org/pipermail/dovecot/attachments/20220823/ea1b3ce0/attachment-0001.htm>

dovecot - Aug 2022 - Permission denied UNIX perms appear ok (ACL/MAC wrong?))

Permission denied UNIX perms appear ok (ACL/MAC wrong?))

Permission denied UNIX perms appear ok (ACL/MAC wrong?))