Re: [Dovecot] Couldn't drop privileges

2014-01-15 Thread CM Reddy
Thanks for your help.


On Tue, Jan 14, 2014 at 6:51 AM, Joseph Tam  wrote:

>
> From: CM Reddy 
>
>  userdb {
>>   args = username_format=%u /etc/dovecot/users
>>   driver = passwd-file
>> }
>> ...
>> Log information:
>> ...
>>
>> Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: imap(armor5): Error: user
>> armor5: Couldn't drop privileges: User is missing GID (see mail_gid
>> setting)
>>
>
> Fairly self-explanatory, isn't it?  It appears your userdb does
> not specify GID for a user.  Either define it, or ...
>
> In share/doc/dovecot/example-config/conf.d/10-mail.conf:
>
> # System user and group used to access mails. If you use multiple, userdb
> # can override these by returning uid or gid fields. You can use either numbers
> # or names.
> #mail_uid =
>
> ... if all your users share the same GID, set it here.
>
> Joseph Tam 
>


Re: [Dovecot] Couldn't drop privileges

2014-01-13 Thread Joseph Tam


From: CM Reddy 


userdb {
  args = username_format=%u /etc/dovecot/users
  driver = passwd-file
}
...
Log information:
...
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: imap(armor5): Error: user
armor5: Couldn't drop privileges: User is missing GID (see mail_gid setting)


Fairly self-explanatory, isn't it?  It appears your userdb does
not specify GID for a user.  Either define it, or ...

In share/doc/dovecot/example-config/conf.d/10-mail.conf:

# System user and group used to access mails. If you use multiple, userdb
# can override these by returning uid or gid fields. You can use either numbers
# or names.
#mail_uid =

... if all your users share the same GID, set it here.

Joseph Tam 


Re: [Dovecot] Couldn't drop privileges

2014-01-13 Thread Pascal Volk
On 01/13/2014 11:22 AM CM Reddy wrote:
> …
> 2. Failed to Login command with an error.
> …
>  Lenovo-G500s:~$ doveconf  -n
> # 2.2.10: /usr/local/etc/dovecot/dovecot.conf
> # OS: Linux 3.8.0-29-generic x86_64 Ubuntu 12.04.3 LTS
> …
> passdb {
>   args = scheme=CRYPT username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> ssl_cert = 
> ssl_key = 
> userdb {
>   args = username_format=%u /etc/dovecot/users
>   driver = passwd-file
> }
> 
> …
> Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: imap(armor5): Error: user
> armor5: Couldn't drop privileges: User is missing GID (see mail_gid setting)
->  ^^^ <-

Your userdb seems to be incomplete.

,--[ http://wiki2.dovecot.org/UserDatabase ]--
| …
| The user database lookup returns these fields:
|
|  * uid …
|  * gid …
|  * home …
|  * mail …
| …
`--

See the last example in
. The password line
for user armor5 would be:

armor5:{plain}abc123:1001:1001::/home/armor5

`mail' can be left blank, since you've configured mail_location.


Regards,
Pascal
-- 
The trapper recommends today: face1e55.1401...@localdomain.org
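
An added example, not part of the original thread and not Dovecot code: a small Python audit of a passwd-file for the uid, gid and home fields the replies above say the userdb must return. The `BROKEN` line is constructed from the log's userdb output (uid and home present, no gid); the `first_valid_uid=500` default and the `needs_home` flag are assumptions of this sketch.

```python
# Added example: audit a Dovecot passwd-file for the userdb fields the thread
# says are required. Format: user:password:uid:gid:(gecos):home:(shell):extra_fields

def audit_passwd_file(text, mail_uid=None, mail_gid=None,
                      first_valid_uid=500, needs_home=True):
    """Return {user: [problems]}; an empty dict means every entry is complete.

    mail_uid/mail_gid model the global fallbacks from 10-mail.conf.
    needs_home assumes mail_location starts with ~/ as in the thread's configs.
    extra_fields (userdb_* overrides) are not evaluated in this sketch.
    """
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 7)
        fields += [""] * (8 - len(fields))      # short lines: pad missing columns
        user, _password, uid, gid, _gecos, home = fields[:6]
        uid = uid or ("" if mail_uid is None else str(mail_uid))
        gid = gid or ("" if mail_gid is None else str(mail_gid))
        problems = []
        if not uid:
            problems.append("missing UID (see mail_uid setting)")
        elif uid.isdigit() and int(uid) < first_valid_uid:
            problems.append(f"UID {uid} below first_valid_uid {first_valid_uid}")
        if not gid:
            problems.append("missing GID (see mail_gid setting)")
        if needs_home and not home:
            problems.append("home not set, ~/ in mail_location cannot expand")
        if problems:
            findings[user] = problems
    return findings

# Constructed input: the log shows uid=1001 and home for armor5 but no gid.
BROKEN = "armor5:{plain}abc123:1001:::/home/armor5\n"
# The line suggested in the reply above.
FIXED = "armor5:{plain}abc123:1001:1001::/home/armor5\n"

if __name__ == "__main__":
    print(audit_passwd_file(BROKEN))                  # gid missing
    print(audit_passwd_file(BROKEN, mail_gid=1001))   # global mail_gid fills it
    print(audit_passwd_file(FIXED))
```
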


[Dovecot] Couldn't drop privileges

2014-01-13 Thread CM Reddy
Hi All,
I have configured the dovecot from sources based on the instructions in the
following link.
http://wiki2.dovecot.org/CompilingSource

Tried to test the installation:
1. Started dovecot successfully.
2. Failed to Login command with an error.

-Lenovo-G500s:~$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN] Hi Dovecot ready.
a login armor5 abc123
* BYE Internal error occurred. Refer to server log for more information.
Connection closed by foreign host.

Configuration is:

 Lenovo-G500s:~$ doveconf  -n
# 2.2.10: /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.8.0-29-generic x86_64 Ubuntu 12.04.3 LTS
auth_debug = yes
auth_verbose = yes
base_dir = /var/run/dovecot/
disable_plaintext_auth = no
login_greeting = Hi Dovecot ready.
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = scheme=CRYPT username_format=%u /etc/dovecot/users
  driver = passwd-file
}
ssl_cert = 
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: auth: Debug:
passwd-file(armor5,127.0.0.1,<+CqxJ9jvkgB/AAAB>): lookup: user=armor5
file=/etc/dovecot/users
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: auth: Debug: client passdb
out: OK#0111#011user=armor5
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: auth: Debug: master in:
REQUEST#008344833#0115166#0111#011d026da1fc2ca16d0208eec7bc369ac2d#011session_pid=5169#011request_auth_token
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: auth: Debug:
passwd-file(armor5,127.0.0.1,<+CqxJ9jvkgB/AAAB>): lookup: user=armor5
file=/etc/dovecot/users
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: auth: Debug: master userdb
out:
USER#008344833#011armor5#011uid=1001#011home=/home/armor5#011auth_token=555c47f35a67f94f519da93affe91abef29550fb
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: imap-login: Login:
user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=5169,
secured, session=<+CqxJ9jvkgB/AAAB>
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: imap(armor5): Error: user
armor5: Couldn't drop privileges: User is missing GID (see mail_gid setting)
Jan 13 16:42:44 cmreddy-Lenovo-G500s dovecot: imap(armor5): Error: Internal
error occurred. Refer to server log for more information.

Please help in resolving this issue.
- Thanks
CM Reddy


Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme

On 15 Aug 2013, at 14:37 , LuKreme  wrote:

> /home/user/Maildir, otoh, is correct.
> 
> Should I simply mkdir a Maildir for every user and move everything into it?

While that works, of course new mail uses the path from the sql database and 
puts mail into

/usr/local/virtual/u...@example.com/new


-- 
"Alas, earwax."



Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme

On 15 Aug 2013, at 14:28 , LuKreme  wrote:

> but still having issues with blank mailboxes on the virtual users.

OK, I am having blank mailboxes because dovecot is adding Maildir to the home 
for the virtual users:

Debug: maildir++: root=/usr/local/virtual/lists@*munged*//Maildir,

The correct directory should be without the Maildir

(and yes, the double slash is there in the log)

/home/user/Maildir, otoh, is correct.

Should I simply mkdir a Maildir for every user and move everything into it?

-- 
They all have husbands and wives and children and houses and dogs, and
you know, they've all made themselves a part of something and they can
talk about what they do. What am I gonna say? "I killed the president of
Paraguay with a fork. How've you been?"



Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme

On 15 Aug 2013, at 14:18 , LuKreme  wrote:

> user_query = select 89 as uid, 125 as gid, '/usr/local/virtual/' as home, 
> concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'

user_query = select 89 as uid, 125 as gid, concat('/usr/local/virtual/', 
maildir) as home from mailbox where username = '%u'

doesn't complain either (thanks Timo, that makes more sense) but still having 
issues with blank mailboxes on the virtual users.

-- 
I don't have a solution but I admire the problem.



Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme

On 15 Aug 2013, at 13:38 , LuKreme  wrote:

> select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from 
> mailbox where username = '%u'

user_query = select 89 as uid, 125 as gid, '/usr/local/virtual/' as home, 
concat('/usr/local/virtual/', maildir) from mailbox where username = '%u'

and it has stopped complaining.

However, when I login to any virtual account, there is no mail shown.

Any other debug flags I can turn on?

do I have to build home to match maildir? And if so, how?

-- 
If you must choose between two evils, pick the one you've never tried
before.



Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread Timo Sirainen
On 15.8.2013, at 22.38, LuKreme  wrote:

> select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from 
> mailbox where username = '%u'

concat('/usr/local/virtual/', maildir) as home from ..

> Aug 15 13:34:05 imap(lists@*munged*): Error: user lists@*munged*: 
> Initialization failed: Namespace '': Home directory not set for user. Can't 
> expand ~/ for mail root dir in: ~/Maildir



Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme

On 15 Aug 2013, at 13:26 , LuKreme  wrote:

> What is not shown is the full path to the maildir, just the maildir value 
> returned from the sql query. It really really looks like this should be 
> working and like the 
> 
> userdb {
>  driver = static
>  args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u
> }
> 
> block is just not having the desired effect.

Progress (I know you are all reading this with bated breath in eager 
anticipation of my next missive).

I changed the user_query to 

select 89 as uid, 125 as gid, concat('/usr/local/virtual/', maildir) from 
mailbox where username = '%u'

and got a new error, which I think reveals the source of the problem:

Error: user lists@*munged*: Mail access for users with UID 89 not permitted 
(see first_valid_uid in config file, uid from userdb lookup).

So, I set first_valid_uid = 89 and I get a NEW error.

Aug 15 13:34:05 auth: Debug: master userdb out: USER4078043137  
lists@*munged*  uid=89  gid=125 concat('/usr/local/virtual/', 
maildir)=/usr/local/virtual/lists@*munged*/   
auth_token=2cb95ca06efdab697854015a93d7c3b0001b417b
Aug 15 13:34:05 imap-login: Info: Login: user=, method=PLAIN, 
rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77996, TLS, session=
Aug 15 13:34:05 imap(lists@*munged*): Error: user lists@*munged*: 
Initialization failed: Namespace '': Home directory not set for user. Can't 
expand ~/ for mail root dir in: ~/Maildir
Aug 15 13:34:05 imap(lists@*munged*): Error: Invalid user settings. Refer to 
server log for more information.

So, the uid and gid are now correct, the maildir path is correct, and it is 
STILL not happy.

-- 
Stupid men are often capable of things the clever would not dare to
contemplate... --Feet of Clay
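
An added example, not part of the original thread and not Dovecot code: a Python check that reads an auth debug "master userdb out" line and reports which of uid, gid and home the userdb reply lacks, plus any field names Dovecot would not use. The sample lines are constructed on the pattern of the logs in this thread (placeholder user, request ids and tokens), and the `KNOWN` set is an assumption limited to field names that appear in the thread.

```python
import re

REQUIRED = ("uid", "gid", "home")
# Field names seen in the thread's working userdb replies (assumption: not exhaustive).
KNOWN = set(REQUIRED) | {"mail", "auth_token", "system_groups_user"}

def check_userdb_reply(line):
    """Return None for unrelated lines, else a dict describing the userdb reply."""
    # syslog writes the tab separators as "#011"; Dovecot's own log file keeps tabs.
    m = re.search(r"master userdb out:\s*(USER\t.*)$", line.replace("#011", "\t"))
    if not m:
        return None
    parts = m.group(1).split("\t")          # USER, request id, username, key=value...
    if len(parts) < 3:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {
        "user": parts[2],
        "missing": [k for k in REQUIRED if not fields.get(k)],
        # An SQL column without "as home" shows up here under its raw expression.
        "unexpected": sorted(k for k in fields if k not in KNOWN),
    }

# Constructed sample lines modelled on the thread's logs.
SAMPLES = [
    "Aug 15 13:16:45 auth: Debug: master userdb out: USER\t1\tlists@example.com"
    "\tmaildir=lists@example.com/\tauth_token=0000",
    "Aug 15 13:34:05 auth: Debug: master userdb out: USER\t2\tlists@example.com"
    "\tuid=89\tgid=125"
    "\tconcat('/usr/local/virtual/', maildir)=/usr/local/virtual/lists@example.com/"
    "\tauth_token=0000",
    "Jan 13 16:42:44 host dovecot: auth: Debug: master userdb out: "
    "USER#0113#011armor5#011uid=1001#011home=/home/armor5#011auth_token=0000",
    "Aug 15 14:18:00 auth: Debug: master userdb out: USER\t4\tlists@example.com"
    "\tuid=89\tgid=125\thome=/usr/local/virtual/lists@example.com/\tauth_token=0000",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_userdb_reply(sample))
```
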



Re: [Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme

On 15 Aug 2013, at 11:29 , LuKreme  wrote:

> attempts to login result in:
> 
> dovecot: imap-login: Login: user=, method=PLAIN, 
> rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=75104, TLS, 
> session=
> dovecot: imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop 
> privileges: User is missing UID (see mail_uid setting)
> dovecot: imap(lists@*munged*): Error: Internal error occurred. Refer to 
> server log for more information.

Turned on the debug and this is what I see:

Aug 15 13:16:45 auth-worker(77340): Debug: sql(lists@*munged*,ip.xx.yy.zz): 
query: select password from mailbox where username ='lists@*munged*'
Aug 15 13:16:45 auth: Debug: client passdb out: OK  1   
user=lists@*munged*
Aug 15 13:16:45 auth: Debug: master in: REQUEST 2891186177  77374   1   
a2bde9e07ec4034dff654566596e062fsession_pid=77375
Aug 15 13:16:45 auth-worker(77340): Debug: passwd(lists@*munged*,ip.xx.yy.zz): 
lookup
Aug 15 13:16:45 auth-worker(77340): Info: passwd(lists@*munged*,ip.xx.yy.zz): 
unknown user
Aug 15 13:16:45 auth-worker(77340): Debug: sql(lists@*munged*,ip.xx.yy.zz): 
select maildir from mailbox where username = 'lists@*munged*'
Aug 15 13:16:45 auth: Debug: master userdb out: USER2891186177  
lists@*munged*  maildir=lists@*munged*/ 
auth_token=8016448b78ce6682d24f056ad695b2158bac7ee2
Aug 15 13:16:45 imap-login: Info: Login: user=, method=PLAIN, 
rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77375, TLS, session=<1hadUAHk7AAXGJaN>
Aug 15 13:16:45 imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop 
privileges: User is missing UID (see mail_uid setting)
Aug 15 13:16:45 imap(lists@*munged*): Error: Internal error occurred. Refer to 
server log for more information.

a successful userdb for a local user looks like this:

Aug 15 13:16:44 auth: Debug: client passdb out: OK  1   user=kremels
Aug 15 13:16:44 auth: Debug: master in: REQUEST 3532521473  77365   1   
4ebb0de2b83c3e2603bc3e3ffca59d73session_pid=77370
Aug 15 13:16:44 auth-worker(77340): Debug: passwd(kremels,ip.xx.yy.zz): lookup
Aug 15 13:16:44 auth: Debug: master userdb out: USER3532521473  kremels 
system_groups_user=kremels  uid=1004gid=1004
home=/home/kremels  auth_token=60c1bb537e93229108f3aeceff78bfad811f5b62
Aug 15 13:16:44 imap-login: Info: Login: user=, method=PLAIN, 
rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=77370, TLS, session=
Aug 15 13:16:44 auth: Debug: client in: AUTH1   PLAIN   service=imap
secured session=VLKQUAHk6gAXGJaNlip=75.148.117.91   rip=ip.xx.yy.zz 
lport=993   rport=55018 resp=

What is not shown is the full path to the maildir, just the maildir value 
returned from the sql query. It really really looks like this should be working 
and like the 

userdb {
  driver = static
  args = uid=vpopmail gid=postfix home=/usr/local/virtual/%u
}

block is just not having the desired effect.

I've been at this for the better part of two days now, and have read hundreds 
(if not thousands) of web pages. I don't know what I am missing.

-- 
Belief is one of the most powerful organic forces in the multiverse. It
may not be able to move mountains, exactly. But it can create someone
who can.



[Dovecot] Couldn't drop privileges

2013-08-15 Thread LuKreme
attempts to login result in:

dovecot: imap-login: Login: user=, method=PLAIN, 
rip=ip.xx.yy.zz, lip=75.148.117.91, mpid=75104, TLS, session=
dovecot: imap(lists@*munged*): Error: user lists@*munged*: Couldn't drop 
privileges: User is missing UID (see mail_uid setting)
dovecot: imap(lists@*munged*): Error: Internal error occurred. Refer to server 
log for more information.

Local (shell) user authentication works fine. It looks to me like the 
authentication is working based on the first line, so I don't think the issue 
is in the dovecot-sql.conf.ext

$ cat dovecot-sql.conf.ext
driver =  mysql
connect = host=localhost dbname=postfix user=dovecot password=dovecot
default_pass_scheme = MD5-CRYPT
password_query = select password from mailbox where username ='%u'
user_query = select maildir from mailbox where username = '%u'

# home is set in userdb static, kept for history
#user_query = select concat('/usr/local/virtual/', maildir) from mailbox where 
username = '%u'
#user_query = select concat('/usr/local/virtual/', maildir), 'vpopmail' as uid, 
'postfix' as gid, from mailbox where username = '%u'

#iterate_query = SELECT username AS user FROM users


# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE i386  
auth_mechanisms = plain login
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox NotJunk {
    auto = subscribe
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
ssl_cert = 

[Dovecot] Couldn't drop privileges: User is missing UID (see mail_uid setting)

2012-09-14 Thread Carsten Laun-De Lellis
Hi all

 

I hope anyone could help me out with my problem regarding the user_id
settings.

 

I am running my mail servers just for fun and I am not a professional mail
admin. After using postfix and dovecot for my mail servers with a mysql
backend for the last 2 years, I have tried to set up an installation with an
ldap backend.

I followed the how-to from the “Postfix Book” and now I always get the
following error message:

 

Couldn't drop privileges: User is missing UID (see mail_uid setting)

 

This error message occurs whenever I try to connect via a mail client.
System emails were delivered the way I expected. So I assume postfix is
working fine. The ldap search I use for user authentication is as follows:

 

uris = ldap://myserver.com
dn = cn=admin, dc=mydomain, dc=com
dnpass = secure
tls = no
base = ou=mailuser,dc=mydomain,dc=com
ldap_version = 3

user_attrs = pfMailMessageStore=home
user_filter = (&(objectClass=PFMailAccount)(pfMail=%u))

pass_attrs = pfClearPassword=password,pfMailMessageStore=userdb_home
pass_filter = (&(objectClass=PFMailAccount)(pfMail=%u))

default_pass_scheme = PLAIN

user_global_uid = 5000
user_global_gid = 5000

 

I am using dovecot 2.1.9, postfix 2.8.5 and openldap 2.4.23

 

I would appreciate any help or tips.

 

 

~ 

 

Kind regards

 

Carsten Laun-De Lellis

Dipl.-Ing. Elektrotechnik

Certified Information Systems Auditor (CISA)

 

Hauptstrasse 13

D-67705 Trippstadt

 

Phone:   +49 (6306) 992140

Mobile:  +49 (151) 27530865

Fax: +49 (6306) 992142

email:
carsten.delel...@delellis.net