Re: Dovecot sieve pigeonhole permission

2015-08-05 Thread Steffen Kaiser

On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:

> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and
> LMTP. Permission worked well in the initial setup but currently (maybe after
> Fedora 22 update) I'm having the following permission issue:
>
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to
> open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied
> (euid=(vmail) egid=(vmail) missing +r perm:
> /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0
> mode=0755)

Did you honor the error log and add the read permission for the vmail
user, which most likely means:

chmod a+r /etc/dovecot/sieve_after.svbin

> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed to
> create temporary file:
> open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed:
> Permission denied (euid=(vmail) egid=(vmail) missing +w perm:
> /etc/dovecot, dir owned by 0:0 mode=0755)
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve plugin does
> not have permission to save global Sieve script binaries; global Sieve
> scripts like `/etc/dovecot/sieve_after.sieve' need to be pre-compiled using
> the sievec tool

Did you compile the script manually as described in the error log?

> rpm -V dovecot dovecot-pigeonhole
> doesn't report any permission issues
>
> Versions:
> dovecot-2.2.18-2.fc22.x86_64
> dovecot-pigeonhole-2.2.18-2.fc22.x86_64
>
> Relevant config parts:
> mail_gid = vmail
> mail_uid = vmail
>
> plugin {
>  sieve = ~/.dovecot.sieve
>  sieve_after = /etc/dovecot/sieve_after.sieve
>  sieve_dir = ~/sieve
> }
>
> ls -lad /etc/dovecot/
> drwxr-xr-x. 3 root root 4096 Jul 30 18:13 /etc/dovecot/
> ls -la /etc/dovecot/*sieve*
> -rwxr-x--- 1 vmail vmail 288 Aug  8  2014 /etc/dovecot/sieve_after.sieve
> -rw-r----- 1 root  root  355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin
>
> What are the recommended permissions for the files/directories (also for
> root service startup of dovecot)?
>
> Did something change in permissions management?

--
Steffen Kaiser



Re: Dovecot sieve pigeonhole permission

2015-08-05 Thread Gerhard Wiesinger

On 05.08.2015 13:06, Steffen Kaiser wrote:
> On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:
>
>> I'm running dovecot in a classical vmail.vmail setup with pigeonhole
>> and LMTP. Permission worked well in the initial setup but currently
>> (maybe after Fedora 22 update) I'm having the following permission
>> issue:
>>
>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed
>> to open: open(/etc/dovecot/sieve_after.svbin) failed: Permission
>> denied (euid=(vmail) egid=(vmail) missing +r perm:
>> /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned
>> by 0:0 mode=0755)
>
> Did you honor the error log and add the read permission for the
> vmail user, which most likely means:
>
> chmod a+r /etc/dovecot/sieve_after.svbin

Yes, I read it but I didn't like to give read permissions for all. Isn't
there a better designed solution available?

Nevertheless it works by setting the read permissions for all ...

>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed
>> to create temporary file:
>> open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed:
>> Permission denied (euid=(vmail) egid=(vmail) missing +w perm:
>> /etc/dovecot, dir owned by 0:0 mode=0755)
>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve
>> plugin does not have permission to save global Sieve script binaries;
>> global Sieve scripts like `/etc/dovecot/sieve_after.sieve' need to be
>> pre-compiled using the sievec tool
>
> Did you compile the script manually as described in the error log?

Yes, I did, but it didn't work because of the missing read permissions for all.

Ciao,
Gerhard

--
http://www.wiesinger.com/


Re: Dovecot sieve pigeonhole permission

2015-08-05 Thread Steffen Kaiser

On Wed, 5 Aug 2015, Gerhard Wiesinger wrote:

> On 05.08.2015 13:06, Steffen Kaiser wrote:
>> On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:
>>
>>> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and
>>> LMTP. Permission worked well in the initial setup but currently (maybe
>>> after Fedora 22 update) I'm having the following permission issue:
>>>
>>> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to
>>> open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied
>>> (euid=(vmail) egid=(vmail) missing +r perm:
>>> /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by
>>> 0:0 mode=0755)
>>
>> Did you honor the error log and add the read permission for the vmail
>> user, which most likely means:
>>
>> chmod a+r /etc/dovecot/sieve_after.svbin
>
> Yes, I read it but I didn't like to give read permissions for all. Isn't

well, what kind of users have shell or file level access to the server?

> there a better designed solution available?
> Nevertheless it works by setting the read permissions for all ...

>>> -rwxr-x--- 1 vmail vmail 288 Aug  8  2014 /etc/dovecot/sieve_after.sieve
>>> -rw-r----- 1 root  root  355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin

1st: sieve scripts are not executable.

2nd: it needs read perm for all your LMTP users, that probably means:
chown vmail /etc/dovecot/sieve_after.svbin
chmod o= /etc/dovecot/sieve_after.svbin
If you have some system users as well, you might need to chgrp as well.

--
Steffen Kaiser
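
An added example, not part of any post in this thread: a shell audit of the compiled global Sieve binary as the delivery uid/gid sees it, reporting the two failures from the error log above and whether read access depends on the world-read bit. The function names are hypothetical; it assumes GNU stat and ignores root, supplementary groups and POSIX ACLs.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat; ignores root,
# supplementary groups and POSIX ACLs. Function names are hypothetical.

# read_class FILE UID GID: print the permission class (owner, group, other)
# through which UID/GID can read FILE, or "none". As in the kernel check,
# only the first matching class is consulted.
read_class() {
    rc_uid=$2 rc_gid=$3
    rc_meta=$(stat -c '%u %g %a' "$1") || return 2
    set -- $rc_meta              # $1=owner uid, $2=group gid, $3=octal mode
    rc_mode=$((0$3))             # leading 0: parse the mode as octal
    if [ "$rc_uid" -eq "$1" ]; then
        rc_bit=$((rc_mode & 0400)) rc_cls=owner
    elif [ "$rc_gid" -eq "$2" ]; then
        rc_bit=$((rc_mode & 0040)) rc_cls=group
    else
        rc_bit=$((rc_mode & 0004)) rc_cls=other
    fi
    if [ "$rc_bit" -ne 0 ]; then echo "$rc_cls"; else echo none; fi
}

# audit_svbin SCRIPT UID GID: print one finding for SCRIPT's compiled .svbin
# as seen by the delivery uid/gid (vmail in the thread).
audit_svbin() {
    as_bin=${1%.sieve}.svbin
    [ -e "$as_bin" ] || { echo missing-binary; return 0; }
    # A binary older than its source is recompiled at delivery time; saving
    # it needs write access to the directory (the "binary save" error).
    if [ "$1" -nt "$as_bin" ]; then echo stale; return 0; fi
    case $(read_class "$as_bin" "$2" "$3") in
        owner|group) echo ok ;;             # read comes from owner/group bits
        other)       echo world-readable ;; # works only because of o+r
        none)        echo unreadable ;;     # the "binary open" error
        *)           echo error ;;          # stat failed
    esac
}

# Usage: sh audit.sh /etc/dovecot/sieve_after.sieve "$(id -u vmail)" "$(id -g vmail)"
if [ $# -eq 3 ]; then audit_svbin "$@"; fi
```

With the listing quoted in the thread (binary owned by root:root, no read bit for others) the finding for vmail is `unreadable`; after `chmod a+r` it becomes `world-readable`, and with the file owned by vmail or its group it is `ok`.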



question on auth cache parameters

2015-08-05 Thread matthias lay

Hi list,

I have a question on auth caching in 2.2.18.

I am using acl_groups for a master user, appended in a static userdb file

# snip ###
master@uma:{SHA}=::userdb_acl_groups=umareadmaster
allow_nets=127.0.0.1
# snap ###

and use this group in a global ACL file.
I discovered this only works on first NOT-cached login



environment in imap-postlogin script on first login:


AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c
MASTER_USER=master@uma
SPUSER=private/pdf
LOCAL_IP=127.0.0.1
USER=pdf
AUTH_USER=master@uma
PWD=/var/run/dovecot
USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
SHLVL=1
HOME=/var/data/vmail/private/pdf
ACL_GROUPS=umareadmaster
IP=127.0.0.1
_=/usr/bin/env


on the second cached login it looks like this


AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f
MASTER_USER=master@uma
SPUSER=private/pdf
LOCAL_IP=127.0.0.1
USER=pdf
AUTH_USER=master@uma
PWD=/var/run/dovecot
USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
SHLVL=1
HOME=/var/data/vmail/private/pdf
IP=127.0.0.1
_=/usr/bin/env

so the ACL_GROUPS is gone.

is this intended to be like that?
so groups are not included in cache and I have to find another approach?

anybody else encountered similar problems with some auth Variables and
caching?


Greetz Matze


2.2.18: Mailbox INBOX sync: mailbox_delete failed: INBOX can't be deleted.

2015-08-05 Thread Dale Gallagher

Hello

I have 2.2.18 built with:

./configure \
--prefix=$prefix \
--bindir=$prefix/bin \
--sbindir=$prefix/bin \
--sysconfdir=/etc \
--with-storages=maildir,imapc,pop3c \
--without-vpopmail \
--without-ldap

I'm attempting to sync (backup) from another Dovecot server running version
2.0.21:

Both servers have no explicit namespaces configured and both are
using the Maildir storage plugin.

doveadm -Dv -o imapc_user=remote_user -o imapc_host=source.host \
  -o imapc_port=993 -o imapc_ssl=imaps -o imapc_password=remote_pass \
  -o "imapc_features=rfc822.size fetch-headers" backup -R -u local_user imapc:

All seems to go well, showing local and remote mailbox syncing without
errors, then finally:

dsync(mcg): Debug: brain M: Deleting mailbox 'INBOX' (GUID
59023c2a911dc255842bd09efc50): UIDVALIDITY changed (1355416734 -
1438784913)
dsync(mcg): Error: Mailbox INBOX sync: mailbox_delete failed: INBOX can't
be deleted.

No mail is synced to the local server (2.2.18) after this error halts
execution.

What should I be looking for, in terms of possible causes of this error?

I've tried syncing on a completely fresh mailbox, which hasn't been
accessed by a mail client and the same error occurs.

I've seen similar reports of this error before, without clear solutions /
suggestions.

Help would be greatly appreciated.

Thanks


Re: question on auth cache parameters

2015-08-05 Thread matthias lay

just tested against dovecot 2.2.15

everything works fine. so might be a bug introduced between 2.2.16 and
2.2.18

On 08/05/2015 04:30 PM, matthias lay wrote:
> Hi list,
>
> I have a question on auth caching in 2.2.18.
>
> I am using acl_groups for a master user, appended in a static userdb file
>
> # snip ###
> master@uma:{SHA}=::userdb_acl_groups=umareadmaster
> allow_nets=127.0.0.1
> # snap ###
>
> and use this group in a global ACL file.
> I discovered this only works on first NOT-cached login
>
> environment in imap-postlogin script on first login:
>
> AUTH_TOKEN=e96b5a32ceb2cafc4460c210ad2e92e3d7ab388c
> MASTER_USER=master@uma
> SPUSER=private/pdf
> LOCAL_IP=127.0.0.1
> USER=pdf
> AUTH_USER=master@uma
> PWD=/var/run/dovecot
> USERDB_KEYS=ACL_GROUPS HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
> SHLVL=1
> HOME=/var/data/vmail/private/pdf
> ACL_GROUPS=umareadmaster
> IP=127.0.0.1
> _=/usr/bin/env
>
> on the second cached login it looks like this
>
> AUTH_TOKEN=12703b11932f233520f6d4b33559c33aeb1cfc7f
> MASTER_USER=master@uma
> SPUSER=private/pdf
> LOCAL_IP=127.0.0.1
> USER=pdf
> AUTH_USER=master@uma
> PWD=/var/run/dovecot
> USERDB_KEYS=HOME SPUSER MASTER_USER AUTH_TOKEN AUTH_USER
> SHLVL=1
> HOME=/var/data/vmail/private/pdf
> IP=127.0.0.1
> _=/usr/bin/env
>
> so the ACL_GROUPS is gone.
>
> is this intended to be like that?
> so groups are not included in cache and I have to find another approach?
>
> anybody else encountered similar problems with some auth Variables and
> caching?
>
> Greetz Matze




Re: Segfaults after upgrade to Debian Jessie

2015-08-05 Thread Andrew Beverley

On Sat, 2015-07-25 at 00:32 +0100, Andrew Beverley wrote:
> Hi,
>
> I've just upgraded from Debian Wheezy to Debian Jessie and am getting:
>
> Fatal: master: service(lmtp): child 6761 killed with signal 11 (core dumped)
>
> It seems to be something to do with sieve. When I disable that from lmtp then
> everything works fine.
>
> OS: Debian Jessie
> Dovecot version: 2.2.13
> CPU: x86
>
> This is the gdb output:
>
> Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1.
> Core was generated by `dovecot/lmtp'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x7f8e4c94f626 in sieve_validator_register_command () from
> /usr/lib/dovecot/libdovecot-sieve.so.0

I've just tried upgrading to 2.2.18 (Stretch) but get the same error. I've
opened a Debian bug report:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794718

I have also tried downgrading to 2.1.7 (Wheezy) and everything works correctly.

Thanks,

Andy