[Dovecot] Dovecot + SELinux permission problems
Hi,

I have set up dovecot on a F17 box and am encountering weirdnesses with SELinux (who isn't??). Again, I am trying to refrain from disabling SELinux altogether, however tempting, but am stuck in troubleshooting and hope for some ideas...

With SELinux set to permissive, I can connect to dovecot and log in to access my mail as expected. With SELinux enforcing, I can connect to dovecot, but cannot log in to access mail. The log states

log_path = /var/log/dovecot (set in 10-logging.conf):

    Jun 23 15:43:58 imap-login: Info: Login: user=johndoe, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=15189, secured, session=xJl+U9PfvgB/AAAB
    Jun 23 15:43:58 imap(johndoe): Error: chdir(/home/user/data1/Maildir//) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir// stat(/home/user/data1/Maildir//) failed: Permission denied)
    Jun 23 15:43:58 imap(johndoe): Error: chdir(/home/user/data1/Maildir/) failed: Permission denied
    Jun 23 15:43:58 imap(johndoe): Error: user johndoe: Initialization failed: Namespace '': stat(/home/user/data1/Maildir//johndoe) failed: Permission denied (euid=1000(user) egid=1000(user) missing +w perm: /home/user/data1/Maildir//johndoe stat(/home/user/data1/Maildir//johndoe) failed: Permission denied)
    Jun 23 15:43:58 imap(johndoe): Error: Invalid user settings. Refer to server log for more information.

Only thing I can grasp is *write permission* error. ls -l on the Maildirs shows this should not be the case for uid 1000.

ls -l:

    drwxrwxr-x. 11 user user 4096 Jul 8 2012 Maildir
    \ drwx--. 19 user user 4096 Feb 5 09:04 johndoe

I have no idea what the server log is referring to, in the debug log I get

debug_log_path = /var/log/dovecot_debug (set in 10-logging.conf):

    Jun 23 15:43:58 imap: Debug: Added userdb setting: mail=maildir:~/johndoe
    Jun 23 15:43:58 imap(johndoe): Debug: Effective uid=1000, gid=1000, home=/home/user/data1/Maildir/
    Jun 23 15:43:58 imap(johndoe): Debug: Namespace inbox: type=private, prefix=, sep=., inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/johndoe
    Jun 23 15:43:58 imap(johndoe): Debug: maildir++: root=/home/user/data1/Maildir//johndoe, index=, control=, inbox=/home/user/data1/Maildir//johndoe, alt=

I had thought SELinux would log something, but /var/log/audit/audit.log is blank...

Where to go from here?? Any ideas appreciated...

--
Johnny
Re: [Dovecot] tables between dovecot and postfix and a paradoxical question
Mohsen Pahlevanzadeh wrote on 2013-06-22 01:25:

> How can i combine together?

I created username like this:

    # sql dump
    SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO';
    SET time_zone = '+00:00';

    CREATE TABLE IF NOT EXISTS `username` (
      `concat(userid,@,domain)` varchar(257)
    );

    CREATE TABLE IF NOT EXISTS `users` (
      `userid` varchar(128) NOT NULL,
      `domain` varchar(128) NOT NULL,
      `password` varchar(64) NOT NULL,
      `home` varchar(255) NOT NULL,
      `uid` int(11) NOT NULL,
      `gid` int(11) NOT NULL
    ) ENGINE=MyISAM DEFAULT CHARSET=latin1;

    INSERT INTO `users` (`userid`, `domain`, `password`, `home`, `uid`, `gid`)
      VALUES ('me', 'example.org', 'password', 'homedir', 1000, 1000);

    DROP TABLE IF EXISTS `username`;

    CREATE ALGORITHM=UNDEFINED DEFINER=`root`@`localhost` SQL SECURITY DEFINER
      VIEW `username` AS
      select concat(`users`.`userid`,'@',`users`.`domain`) AS `concat(userid,@,domain)`
      from `users`;

Now username contains the same info that postfixadmin creates :)

--
senders that put my email into body content will deliver it to my own trashcan, so if you like to get reply, don't do it
Re: [Dovecot] Dovecot + SELinux permission problems
On Sun, Jun 23, 2013 at 04:21:17PM +0100, Johnny wrote:

> I had thought SELinux would log something, but /var/log/audit/audit.log is blank...

Are you running auditd? I believe that if you're not running auditd, the denials should be logged to the kernel ring buffer. Does dmesg show any denials?

Likely dovecot doesn't have access to user_home_dir_t/user_home_t. Are all users' maildirs below /home/user/data1/Maildir/? If so, you can probably fix this by creating a labeling rule for this, and re-label everything below this directory:

    semanage fcontext -a -t mail_spool_t "/home/user/data1/Maildir(/.*)?"
    restorecon -R /home/user/data1/Maildir

-jf
[Dovecot] Preoccupied at the moment
Hi, Something's come up and I am preoccupied at the moment until the 2nd of July. I won't be answering Dovecot mailing list until then (maybe a day or two earlier). Regards, Stephan.
Re: [Dovecot] Dovecot + SELinux permission problems
Jan-Frode Myklebust janfr...@tanso.net writes:

> On Sun, Jun 23, 2013 at 04:21:17PM +0100, Johnny wrote:
>> I had thought SELinux would log something, but /var/log/audit/audit.log is blank...
>
> Are you running auditd? I believe that if you're not running auditd, the denials should be logged to the kernel ring buffer.

It seems auditd is not running and not happy to start;

systemctl status auditd.service:

    Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled)
    Active: failed (Result: exit-code) since Mon, 24 Jun 2013 04:28:28 +0100; 6s ago
    Process: 5139 ExecStartPost=/sbin/auditctl -R /etc/audit/audit.rules (code=exited, status=0/SUCCESS)
    Process: 5136 ExecStart=/sbin/auditd -n (code=exited, status=6)
    CGroup: name=systemd:/system/auditd.service

> Does dmesg show any denials?

Nope, all it shows is turning on/off SELinux (I tried accessing the mail prior and post changing SELinux status)

    [ 767.835481] type=1404 audit(1372044152.923:10): enforcing=0 old_enforcing=1 auid=1000 ses=1
    [ 777.110187] type=1404 audit(1372044162.218:11): enforcing=1 old_enforcing=0 auid=1000 ses=1

> Likely dovecot doesn't have access to user_home_dir_t/user_home_t. Are all users' maildirs below /home/user/data1/Maildir/?

All users' maildirs are under the same location, e.g.

ls -Z:

    drwx--. user user system_u:object_r:mnt_t:s0 mailaccountA
    drwx--. user user system_u:object_r:mnt_t:s0 mailaccountB
    drwx--. user user unconfined_u:object_r:mnt_t:s0 mailaccountC
    drwx--. user user unconfined_u:object_r:mnt_t:s0 mailaccountD

> If so, you can probably fix this by creating a labeling rule for this, and re-label everything below this directory:
>
>     semanage fcontext -a -t mail_spool_t "/home/user/data1/Maildir(/.*)?"
>     restorecon -R /home/user/data1/Maildir

No luck with using this. I will look into this more tomorrow and hopefully locate some logs.

--
Johnny
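Added example (not part of the thread, and not Dovecot or SELinux project code): a small checker for the two things this exchange turns on, namely whether directories covered by the proposed fcontext rule carry the rule's target type, and whether the kernel log holds AVC denials (type=1400) or only mode changes (type=1404). The sample `ls -Z` and kernel log lines are constructed, the `dovecot_t` denial is hypothetical, and Python's `re.fullmatch` stands in for SELinux's whole-path matching of file-context patterns.

```python
import re

SPEC = r"/home/user/data1/Maildir(/.*)?"  # fcontext pattern from the thread
TARGET = "mail_spool_t"                   # type passed to semanage in the thread
PARENT = "/home/user/data1/Maildir"

# Constructed sample in the thread's `ls -Z` layout: mode owner group context name.
LS_Z = """\
drwx------. user user system_u:object_r:mnt_t:s0 mailaccountA
drwx------. user user unconfined_u:object_r:mnt_t:s0 mailaccountC
drwx------. user user unconfined_u:object_r:mail_spool_t:s0 mailaccountE
"""

# Constructed kernel log: a mode change like the thread's, plus a hypothetical denial.
DMESG = """\
[  777.110187] type=1404 audit(1372044162.218:11): enforcing=1 old_enforcing=0 auid=1000 ses=1
[  790.000000] type=1400 audit(1372044175.100:12): avc:  denied  { search } for  pid=15189 comm="imap" name="Maildir" scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:mnt_t:s0 tclass=dir
"""

def parse_ls_z(text, parent=PARENT):
    """Return [(absolute path, SELinux type)] for each `ls -Z` line."""
    entries = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) == 5:
            context, name = fields[3], fields[4]
            # context is user:role:type:level; the type is the third field
            entries.append((f"{parent}/{name}", context.split(":")[2]))
    return entries

def needs_relabel(entries, spec=SPEC, target=TARGET):
    """Paths covered by the rule (specs match the whole path) whose type is not the target."""
    return [p for p, t in entries if re.fullmatch(spec, p) and t != target]

def kernel_selinux_events(dmesg):
    """Return (AVC denials, enforcing values) from type=1400 / type=1404 records."""
    denials, modes = [], []
    for line in dmesg.splitlines():
        m = re.search(r"type=(\d+) audit\([^)]*\): (.*)", line)
        if not m:
            continue
        kv = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group(2)))
        if m.group(1) == "1404":
            modes.append(int(kv["enforcing"]))
        elif m.group(1) == "1400" and "denied" in m.group(2):
            perms = re.search(r"\{([^}]*)\}", m.group(2)).group(1).split()
            denials.append((kv["comm"].strip('"'), perms,
                            kv["scontext"].split(":")[2], kv["tcontext"].split(":")[2]))
    return denials, modes

if __name__ == "__main__":
    print("relabel:", needs_relabel(parse_ls_z(LS_Z)))
    print("kernel:", kernel_selinux_events(DMESG))
```

Paths returned by `needs_relabel` are the ones where the rule and the on-disk label disagree, which is the state to re-check with `ls -Z` after running `restorecon`.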
Re: [Dovecot] Config for master user in dovecot 1.1.20
Guys, I'm sorry if my question is too absurd. Let me explain first. FYI, I'm a total newbie in this mail server thing. The mail server admin who managed and created this server in 2010 is gone, no contact at all. And also no documentation about the server in detail. And now the server needs to be upgraded. We want to build a new server with data (account + mailbox) migrated from the old server. I've tried to follow the dovecot migration tutorial in the wiki but still no luck. So I post here for further help.

OK, at first I get the idea that my dovecot version is too old for 2013. But IMHO that's too risky for me to upgrade to a new version because of my knowledge. After all, in the wiki there's a tutorial for Dovecot 1. I want to focus on that instead of making changes to my server. But now it's still not working on my old server. I hope I'll get an answer in this forum.

Again, sorry if my question is categorized as flaming, OOT or something else. I'm just a newbie with a question and need some help. Thanks guys.

--
View this message in context: http://dovecot.2317879.n4.nabble.com/Config-for-master-user-in-dovecot-1-1-20-tp42906p42947.html
Sent from the Dovecot mailing list archive at Nabble.com.
Re: [Dovecot] Config for master user in dovecot 1.1.20
Hello,

Actually I have just recently migrated 2 Dovecot installations from 1.x to 2.x simply by installing the current version and pointing it to the same user and storage configuration. Worked like a charm.

Best wishes
Eugene

-----Original Message-----
From: izul
Sent: Monday, June 24, 2013 8:11 AM
To: dovecot@dovecot.org
Subject: Re: [Dovecot] Config for master user in dovecot 1.1.20

Guys, I'm sorry if my question is too absurd. Let me explain first. FYI, I'm a total newbie in this mail server thing. The mail server admin who managed and created this server in 2010 is gone, no contact at all. And also no documentation about the server in detail. And now the server needs to be upgraded. We want to build a new server with data (account + mailbox) migrated from the old server. I've tried to follow the dovecot migration tutorial in the wiki but still no luck. So I post here for further help.

OK, at first I get the idea that my dovecot version is too old for 2013. But IMHO that's too risky for me to upgrade to a new version because of my knowledge. After all, in the wiki there's a tutorial for Dovecot 1. I want to focus on that instead of making changes to my server. But now it's still not working on my old server. I hope I'll get an answer in this forum.

Again, sorry if my question is categorized as flaming, OOT or something else. I'm just a newbie with a question and need some help. Thanks guys.

--
View this message in context: http://dovecot.2317879.n4.nabble.com/Config-for-master-user-in-dovecot-1-1-20-tp42906p42947.html
Sent from the Dovecot mailing list archive at Nabble.com.