Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-09-06 Thread Austin Witmer 
Hello all!

My strange permission errors in my log files seem to have disappeared. The only 
thing I can think of that I changed was mounting my encrypted folder without 
using sudo. Example “gocryptfs -allow_other cipher plain” instead of "sudo 
gocryptfs -allow_other cipher plain”.

Thanks to all of you for your help and suggestions!

Austin Witmer


> On Aug 21, 2022, at 10:03 AM, Remo Mattei  wrote:
> 
> It’s a mount partition you should check that probably it is nfs. 
> 
> Good luck. 
> 
>> Il giorno 21 ago 2022, alle ore 07:43, Austin Witmer 
>>  ha scritto:
>> 
>> Thanks to all of your for your input!
>> 
>> I think I may have gotten this resolved. More time and testing will tell! 
>> More details later . . .
>> 
>> Austin Witmer
>> 
>> 
>>> On Aug 20, 2022, at 9:06 AM, Erwan David >> > wrote:
>>> 
>>> Le 20/08/2022 à 16:52, Austin Witmer a écrit :
 Hello all!
 
 Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then 
 I am periodically getting some dovecot errors like the below in my mail 
 log. As far as I can tell, my unix perms are just fine. What is ACL/MAC?
 
 Aug 20 14:41:58 mail dovecot: imap(u...@domain.com 
 )<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
 stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
   
 >) failed: Permission denied 
 (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
 
 And here is the listing showing the permissions for that file.
 
 *austin@mail*:*~*$ ls -la 
 /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
  
 >
 -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
 */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
  
 >*
 
 What in the world is causing these errors, and what can I do about them?
 
 Thanks in advance!
 
 Austin Witmer
>>> 
>>> Did you check wether your linux distribution uses SeLINUX or Apparmor ? In 
>>> that case you would have to check their policy to give dovecot access to 
>>> this directory.
>>> 
>>

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-30 Thread Aki Tuomi 
If you are running gocryptfs with Dovecot, you need to ensure that Dovecot has 
access to the files even when you are not logged in. Perhaps gocryptfs is 
blocking access to processes not originating from your session?

Aki

> On 31/08/2022 07:14 EEST Austin Witmer  wrote:
> 
>  
> No, I am manually mounting it when I start my server. I then start dovecot.
> 
> Austin Witmer
> 
> > On Aug 30, 2022, at 9:40 PM, pe...@chubb.wattle.id.au wrote:
> > 
> > 
> >> 
> >> "Austin" == Austin Witmer  writes:
> > 
> > 
> > Austin> So, the location of my mail storage
> > Austin> (/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem
> > Austin> mounted by gocryptfs. Do you think gocryptfs could be at fault
> > Austin> here?
> > 
> > Is it automounted?  I've seen issues where dovecot tries to access a
> > file before the mount has finished, giving a pmerssions denied error.
> > 
> > Peter C

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-30 Thread Austin Witmer 
No, I am manually mounting it when I start my server. I then start dovecot.

Austin Witmer

> On Aug 30, 2022, at 9:40 PM, pe...@chubb.wattle.id.au wrote:
> 
> 
>> 
>> "Austin" == Austin Witmer  writes:
> 
> 
> Austin> So, the location of my mail storage
> Austin> (/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem
> Austin> mounted by gocryptfs. Do you think gocryptfs could be at fault
> Austin> here?
> 
> Is it automounted?  I've seen issues where dovecot tries to access a
> file before the mount has finished, giving a pmerssions denied error.
> 
> Peter C

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-30 Thread peter 
> "Austin" == Austin Witmer  writes:


Austin> So, the location of my mail storage
Austin> (/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem
Austin> mounted by gocryptfs. Do you think gocryptfs could be at fault
Austin> here?

Is it automounted?  I've seen issues where dovecot tries to access a
file before the mount has finished, giving a pmerssions denied error.

Peter C

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-30 Thread Austin Witmer 
See below . . .

> On Aug 30, 2022, at 1:41 PM, spi  wrote:
> 
> 
> 
> Am 30.08.22 um 20:43 schrieb Austin Witmer:
>> I’m am still getting the errors I mentioned previously. Maybe half a dozen 
>> of them per day . . .
>> 
>> So, the location of my mail storage 
>> (/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem mounted by 
>> gocryptfs. Do you think gocryptfs could be at fault here?
>> 
>> Austin Witmer
>> 
> 
> Before and after mounting: What are the mount folder's user/group 
> permissions? Who owns the mount folder (user/group)?
> 
> 

The owner is austin and group is austin before and after mounting the folder. I 
would need to verify that the owner is still the same before the folder is 
mounted sometime while my server is offline.
> If you do a "stat 
> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
> " as the user dovecot is running as 
> (from your mail I see austin owns that file - is dovecot run as user austin?) 
> - do you also get an error?
> 
I would think that dovecot is running as user austin, but I’m not sure how to 
verify that?
> If you do get an error - could you create a small encrypted fs and mount it 
> to another folder, create a file there and check again for "stat file"? Play 
> with the permissions and user/group assignments. Still getting an error?
> 
> --
> Cheers
> spi

So here is one of the last log lines from my mail.err file.

Aug 30 23:09:11 mail dovecot: 
lmtp(u...@domain.com)<179137>: Error: 
open(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist.lock)
 failed: Operation not permitted
Aug 30 23:09:11 mail dovecot: 
lmtp(u...@domain.com)<179137>: Error: lmtp-server: conn 
unix:pid=179136,uid=112 [1]: rcpt u...@domain.com: Mailbox INBOX: 
file_dotlock_create(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist)
 failed: Operation not permitted
Aug 30 23:09:11 mail dovecot: 
lmtp(u...@domain.com)<179137>: Error: sieve: 
msgid=: failed to store 
into mailbox 'INBOX': Mailbox INBOX: 
file_dotlock_create(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist)
 failed: Operation not permitted
Aug 30 23:09:11 mail dovecot: 
lmtp(u...@domain.com)<179137>: Error: sieve: Execution 
of script /var/lib/dovecot/sieve/default.sieve was aborted due to temporary 
failure


Here is the stat command one of the files that dovecot seem to not be able to 
access.

austin@mail:/mnt/volume1/mailserver$ stat 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist
  File: /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot-uidlist
  Size: 60565   Blocks: 120IO Block: 4096   regular file
Device: 2bh/43d Inode: 146325  Links: 1
Access: (0660/-rw-rw)  Uid: ( 1000/  austin)   Gid: ( 1000/  austin)
Access: 2022-08-30 23:19:24.701469295 +
Modify: 2022-08-30 23:16:34.155318207 +
Change: 2022-08-30 23:16:34.163318308 +
 Birth: -

Is the problem that the x perm is missing from both the user and group for this 
file? I have tried different times to recursively apply wrx permissions to all 
the folders and files but it seems like dovecot must create files that it later 
cannot access. Or maybe I am not understanding this correctly?

Why am I getting these errors only about 1% of the time and the rest of the 
time it works fine? This seems to be randomly happening to various users on my 
server.

Thanks again to all of you for your help!

Austin Witmer

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-30 Thread spi 


Am 30.08.22 um 20:43 schrieb Austin Witmer:

I’m am still getting the errors I mentioned previously. Maybe half a
dozen of them per day . . .

So, the location of my mail storage
(/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem mounted
by gocryptfs. Do you think gocryptfs could be at fault here?

Austin Witmer



Before and after mounting: What are the mount folder's user/group
permissions? Who owns the mount folder (user/group)?

If you do a "stat
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
" as the user dovecot is
running as (from your mail I see austin owns that file - is dovecot run
as user austin?) - do you also get an error?

If you do get an error - could you create a small encrypted fs and mount
it to another folder, create a file there and check again for "stat
file"? Play with the permissions and user/group assignments. Still
getting an error?

--
Cheers
spi

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-30 Thread Austin Witmer 
I’m am still getting the errors I mentioned previously. Maybe half a dozen of 
them per day . . .

So, the location of my mail storage 
(/mnt/volume1/mailserver/plain/maildir/%d/%n/) is a filesystem mounted by 
gocryptfs. Do you think gocryptfs could be at fault here?

Austin Witmer

> On Aug 24, 2022, at 12:10 PM, lorek  wrote:
> 
> There are a number of issues that can appear to be ACL issues when in fact 
> its something else.
> 
> As other's have mentioned, AppArmor profiles and SELinux contexts can be 
> checked and are the most common. There are ACL permissions as well if you 
> enabled ACL (they are not enabled by default on Ubuntu server). 
> I've occasionally (rarely) seen some weird interactions with sockets between 
> MDA and MTA if the permissions on the directory were not set correctly.
> 
> Additionally, if a mount permission mask is being used, that can occasionally 
> cause similar issues as well, as is often the case with using an NTFS backing 
> filesystem for maildir that's been mounted with unix perms.
> There can also be some edge-cases with permissions in Ubuntu's flavored snap 
> containers as well as docker containers and custom sieves.
> 
> Its difficult to say with any accuracy what is causing your issue with the 
> information provided.
> 
> Have you increased the verbosity of the logging?
> 
> If all of the normal culprits do not stand out, maybe some others will have 
> an idea. 
> 
> As a final fallback you can always set a breakpoint and use a reverse 
> debugger. Its not going to be performant but it will at least narrow down 
> where the issue is coming from, and what the intermediate states were that 
> led to the error so you can save/replicate them moving forward for 
> resolution. Non-determinism can creep into code in a lot of different ways.
> 
> Best Regards,
> N
> 
> 
> On Tue, Aug 23, 2022 at 4:53 AM Austin Witmer  > wrote:
> Here is the output of dovecot -n
> 
> austin@mail:~$ doveconf -n
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: Linux 5.15.0-46-generic x86_64 Ubuntu 22.04.1 LTS 
> # Hostname: mail
> auth_mechanisms = plain login
> listen = *
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
> namespace inbox {
>   inbox = yes
>   location = 
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> auto = subscribe
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Spam {
> auto = subscribe
>   }
>   mailbox Trash {
> auto = subscribe
> special_use = \Trash
>   }
>   prefix = 
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   sieve = 
> file:/mnt/volume1/mailserver/plain/sieve/%d/%n/scripts;active=/mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
>   sieve_before = /var/lib/dovecot/sieve/
>   sieve_global_dir = /var/lib/dovecot/sieve/
>   sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>   sieve_user_log = 
> file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
> }
> protocols = imap lmtp pop3 imap lmtp sieve pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
> port = 0
>   }
>   inet_listener imaps {
> port = 993
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
> port = 4190
>   }
>   service_count = 1
> }
> ssl = required
> ssl_cert =  
> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
>   driver = passwd
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocol lmtp {
>   hostname = mail.mydomain.com 
>   mail_plugins = " sieve"
>   postmaster_address = postmas...@mydomain.com 
> 
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
> 
> 
> Austin Witmer
> 
> 
>> On Aug 20, 2022, at 12:09 PM, Austin Witmer > > wrote:
>> 
>> And no, I don’t think I

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-24 Thread lorek 
There are a number of issues that can appear to be ACL issues when in fact
its something else.

As other's have mentioned, AppArmor profiles and SELinux contexts can be
checked and are the most common. There are ACL permissions as well if you
enabled ACL (they are not enabled by default on Ubuntu server).
I've occasionally (rarely) seen some weird interactions with sockets
between MDA and MTA if the permissions on the directory were not set
correctly.

Additionally, if a mount permission mask is being used, that can
occasionally cause similar issues as well, as is often the case with using
an NTFS backing filesystem for maildir that's been mounted with unix perms.
There can also be some edge-cases with permissions in Ubuntu's flavored
snap containers as well as docker containers and custom sieves.

Its difficult to say with any accuracy what is causing your issue with the
information provided.

Have you increased the verbosity of the logging?

If all of the normal culprits do not stand out, maybe some others will have
an idea.

As a final fallback you can always set a breakpoint and use a reverse
debugger. Its not going to be performant but it will at least narrow down
where the issue is coming from, and what the intermediate states were that
led to the error so you can save/replicate them moving forward for
resolution. Non-determinism can creep into code in a lot of different ways.

Best Regards,
N


On Tue, Aug 23, 2022 at 4:53 AM Austin Witmer 
wrote:

> Here is the output of dovecot -n
>
> *austin@mail*:*~*$ doveconf -n
> # 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.16 (09c29328)
> # OS: Linux 5.15.0-46-generic x86_64 Ubuntu 22.04.1 LTS
> # Hostname: mail
> auth_mechanisms = plain login
> listen = *
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> auto = subscribe
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Spam {
> auto = subscribe
>   }
>   mailbox Trash {
> auto = subscribe
> special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   sieve =
> file:/mnt/volume1/mailserver/plain/sieve/%d/%n/scripts;active=/mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
>   sieve_before = /var/lib/dovecot/sieve/
>   sieve_global_dir = /var/lib/dovecot/sieve/
>   sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>   sieve_user_log =
> file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
> }
> protocols = imap lmtp pop3 imap lmtp sieve pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
> port = 0
>   }
>   inet_listener imaps {
> port = 993
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
> port = 4190
>   }
>   service_count = 1
> }
> ssl = required
> ssl_cert =  ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
>   driver = passwd
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocol lmtp {
>   hostname = mail.mydomain.com
>   mail_plugins = " sieve"
>   postmaster_address = postmas...@mydomain.com
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
>
>
> Austin Witmer
>
>
> On Aug 20, 2022, at 12:09 PM, Austin Witmer 
> wrote:
>
> And no, I don’t think I am using ACL’s.
>
> getfacl austin /mnt/volume1/mailserver/plain/maildir/
> getfacl: austin: No such file or directory
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/volume1/mailserver/plain/maildir/
> # owner: austin
> # group: austin
> user::rwx
> group::rwx
> other::r--
>
> Austin Witmer
>
> On Aug 20, 2022, at 11:15 AM, spi  wrote:
>
> 
>
> Am 20.08.22 um 16:52 schrieb Austin Witmer:
> Hello all!
>
> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
> then I am periodically getting some dovecot errors like the below in
> my mail log. As far as I

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-23 Thread Austin Witmer 
Here is the output of dovecot -n

austin@mail:~$ doveconf -n
# 2.3.16 (7e2e900c1a): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.16 (09c29328)
# OS: Linux 5.15.0-46-generic x86_64 Ubuntu 22.04.1 LTS 
# Hostname: mail
auth_mechanisms = plain login
listen = *
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
special_use = \Drafts
  }
  mailbox Junk {
special_use = \Junk
  }
  mailbox Sent {
auto = subscribe
special_use = \Sent
  }
  mailbox "Sent Messages" {
special_use = \Sent
  }
  mailbox Spam {
auto = subscribe
  }
  mailbox Trash {
auto = subscribe
special_use = \Trash
  }
  prefix = 
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve = 
file:/mnt/volume1/mailserver/plain/sieve/%d/%n/scripts;active=/mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
  sieve_before = /var/lib/dovecot/sieve/
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  sieve_user_log = 
file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
}
protocols = imap lmtp pop3 imap lmtp sieve pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
  }
}
service imap-login {
  inet_listener imap {
port = 0
  }
  inet_listener imaps {
port = 993
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
port = 4190
  }
  service_count = 1
}
ssl = required
ssl_cert =  On Aug 20, 2022, at 12:09 PM, Austin Witmer  wrote:
> 
> And no, I don’t think I am using ACL’s.
> 
> getfacl austin /mnt/volume1/mailserver/plain/maildir/
> getfacl: austin: No such file or directory
> getfacl: Removing leading '/' from absolute path names
> # file: mnt/volume1/mailserver/plain/maildir/
> # owner: austin
> # group: austin
> user::rwx
> group::rwx
> other::r--
> 
> Austin Witmer 
> 
>> On Aug 20, 2022, at 11:15 AM, spi  wrote:
>> 
>> 
>>> Am 20.08.22 um 16:52 schrieb Austin Witmer:
>>> Hello all!
>>> 
>>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
>>> then I am periodically getting some dovecot errors like the below in
>>> my mail log. As far as I can tell, my unix perms are just fine. What
>>> is ACL/MAC?
>>> 
>>> Aug 20 14:41:58 mail dovecot:
>>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX:
>>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>> ) failed: Permission denied
>>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
>>> wrong?))
>>> 
>>> And here is the listing showing the permissions for that file.
>>> 
>>> *austin@mail*:*~*$ ls -la
>>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>> 
>>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
>>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>> *
>>> 
>>> What in the world is causing these errors, and what can I do about them?
>>> 
>>> Thanks in advance!
>>> 
>>> Austin Witmer
>> 
>> 
>> Do you use any ACLs? Is this just a block device mounted or do you use
>> any network file sharing like nfs?
>> 
>> ACLs you can check by 'getfacl foo'.
>> 
>> --
>> Cheers
>> spi

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-21 Thread Remo Mattei 
It’s a mount partition you should check that probably it is nfs. 

Good luck. 

> Il giorno 21 ago 2022, alle ore 07:43, Austin Witmer  
> ha scritto:
> 
> Thanks to all of your for your input!
> 
> I think I may have gotten this resolved. More time and testing will tell! 
> More details later . . .
> 
> Austin Witmer
> 
> 
>> On Aug 20, 2022, at 9:06 AM, Erwan David  wrote:
>> 
>>> Le 20/08/2022 à 16:52, Austin Witmer a écrit :
>>> Hello all!
>>> 
>>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then 
>>> I am periodically getting some dovecot errors like the below in my mail 
>>> log. As far as I can tell, my unix perms are just fine. What is ACL/MAC?
>>> 
>>> Aug 20 14:41:58 mail dovecot: 
>>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
>>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>>  ) failed: Permission denied 
>>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
>>> 
>>> And here is the listing showing the permissions for that file.
>>> 
>>> *austin@mail*:*~*$ ls -la 
>>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>>> 
>>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
>>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>>> *
>>> 
>>> What in the world is causing these errors, and what can I do about them?
>>> 
>>> Thanks in advance!
>>> 
>>> Austin Witmer
>> 
>> Did you check wether your linux distribution uses SeLINUX or Apparmor ? In 
>> that case you would have to check their policy to give dovecot access to 
>> this directory.
>> 
>

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-21 Thread Austin Witmer 
Thanks to all of your for your input!

I think I may have gotten this resolved. More time and testing will tell! More 
details later . . .

Austin Witmer


> On Aug 20, 2022, at 9:06 AM, Erwan David  wrote:
> 
> Le 20/08/2022 à 16:52, Austin Witmer a écrit :
>> Hello all!
>> 
>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then I 
>> am periodically getting some dovecot errors like the below in my mail log. 
>> As far as I can tell, my unix perms are just fine. What is ACL/MAC?
>> 
>> Aug 20 14:41:58 mail dovecot: 
>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>> ) failed: Permission denied 
>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
>> 
>> And here is the listing showing the permissions for that file.
>> 
>> *austin@mail*:*~*$ ls -la 
>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>> 
>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>> *
>> 
>> What in the world is causing these errors, and what can I do about them?
>> 
>> Thanks in advance!
>> 
>> Austin Witmer
> 
> Did you check wether your linux distribution uses SeLINUX or Apparmor ? In 
> that case you would have to check their policy to give dovecot access to this 
> directory.
>

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Austin Witmer 
My mail storage is located on a block storage volume connected to my droplet in 
digital ocean.

Austin Witmer

> On Aug 20, 2022, at 11:15 AM, spi  wrote:
> 
> 
>> Am 20.08.22 um 16:52 schrieb Austin Witmer:
>> Hello all!
>> 
>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
>> then I am periodically getting some dovecot errors like the below in
>> my mail log. As far as I can tell, my unix perms are just fine. What
>> is ACL/MAC?
>> 
>> Aug 20 14:41:58 mail dovecot:
>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX:
>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> ) failed: Permission denied
>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
>> wrong?))
>> 
>> And here is the listing showing the permissions for that file.
>> 
>> *austin@mail*:*~*$ ls -la
>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> 
>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> *
>> 
>> What in the world is causing these errors, and what can I do about them?
>> 
>> Thanks in advance!
>> 
>> Austin Witmer
> 
> 
> Do you use any ACLs? Is this just a block device mounted or do you use
> any network file sharing like nfs?
> 
> ACLs you can check by 'getfacl foo'.
> 
> --
> Cheers
> spi

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Austin Witmer 
And no, I don’t think I am using ACL’s.

getfacl austin /mnt/volume1/mailserver/plain/maildir/
getfacl: austin: No such file or directory
getfacl: Removing leading '/' from absolute path names
# file: mnt/volume1/mailserver/plain/maildir/
# owner: austin
# group: austin
user::rwx
group::rwx
other::r--

Austin Witmer 

> On Aug 20, 2022, at 11:15 AM, spi  wrote:
> 
> 
>> Am 20.08.22 um 16:52 schrieb Austin Witmer:
>> Hello all!
>> 
>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
>> then I am periodically getting some dovecot errors like the below in
>> my mail log. As far as I can tell, my unix perms are just fine. What
>> is ACL/MAC?
>> 
>> Aug 20 14:41:58 mail dovecot:
>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX:
>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> ) failed: Permission denied
>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
>> wrong?))
>> 
>> And here is the listing showing the permissions for that file.
>> 
>> *austin@mail*:*~*$ ls -la
>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> 
>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>> *
>> 
>> What in the world is causing these errors, and what can I do about them?
>> 
>> Thanks in advance!
>> 
>> Austin Witmer
> 
> 
> Do you use any ACLs? Is this just a block device mounted or do you use
> any network file sharing like nfs?
> 
> ACLs you can check by 'getfacl foo'.
> 
> --
> Cheers
> spi

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Erwan David 

Le 20/08/2022 à 18:23, Austin Witmer a écrit :

See below.


On Aug 20, 2022, at 9:56 AM, Remo Mattei  wrote:

Try ls -laZ


Il giorno 20 ago 2022, alle ore 08:08, Erwan David  ha 
scritto:

Le 20/08/2022 à 16:52, Austin Witmer a écrit :

Hello all!

Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then I am 
periodically getting some dovecot errors like the below in my mail log. As far 
as I can tell, my unix perms are just fine. What is ACL/MAC?

Aug 20 14:41:58 mail dovecot: imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: 
Mailbox INBOX: stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
) failed: Permission denied (euid=1000(austin) 
egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))

And here is the listing showing the permissions for that file.

*austin@mail*:*~*$ ls -la 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 

-rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
*/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
*

What in the world is causing these errors, and what can I do about them?

Thanks in advance!

Austin Witmer

Did you check wether your linux distribution uses SeLINUX or Apparmor ? In that 
case you would have to check their policy to give dovecot access to this 
directory.



No, I’m not familiar with SeLinux or Apparmor. Tell me what I should do or 
check.

Thanks!

Austin Witmer



I'm not sure. apparmor logs in kern.log

You can try a grep mailserver/plain/maildir/domain.com /var/log/*.log 
for a start

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread spi 



Am 20.08.22 um 16:52 schrieb Austin Witmer:

Hello all!

Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since
then I am periodically getting some dovecot errors like the below in
my mail log. As far as I can tell, my unix perms are just fine. What
is ACL/MAC?

Aug 20 14:41:58 mail dovecot:
imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX:
stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
) failed: Permission denied
(euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC
wrong?))

And here is the listing showing the permissions for that file.

*austin@mail*:*~*$ ls -la
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log

-rwxrwxr-- 1 austin austin 15796 Aug 20 14:41
*/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
*

What in the world is causing these errors, and what can I do about them?

Thanks in advance!

Austin Witmer



Do you use any ACLs? Is this just a block device mounted or do you use
any network file sharing like nfs?

ACLs you can check by 'getfacl foo'.

--
Cheers
spi

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Austin Witmer 
See below.

> On Aug 20, 2022, at 9:56 AM, Remo Mattei  wrote:
> 
> Try ls -laZ 
> 
>> Il giorno 20 ago 2022, alle ore 08:08, Erwan David  ha 
>> scritto:
>> 
>> Le 20/08/2022 à 16:52, Austin Witmer a écrit :
>>> Hello all!
>>> 
>>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then 
>>> I am periodically getting some dovecot errors like the below in my mail 
>>> log. As far as I can tell, my unix perms are just fine. What is ACL/MAC?
>>> 
>>> Aug 20 14:41:58 mail dovecot: 
>>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
>>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>>  ) failed: Permission denied 
>>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
>>> 
>>> And here is the listing showing the permissions for that file.
>>> 
>>> *austin@mail*:*~*$ ls -la 
>>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>>> 
>>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
>>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>>> *
>>> 
>>> What in the world is causing these errors, and what can I do about them?
>>> 
>>> Thanks in advance!
>>> 
>>> Austin Witmer
>> 
>> Did you check wether your linux distribution uses SeLINUX or Apparmor ? In 
>> that case you would have to check their policy to give dovecot access to 
>> this directory.
>> 
>> 

No, I’m not familiar with SeLinux or Apparmor. Tell me what I should do or 
check.

Thanks!

Austin Witmer

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Austin Witmer 
Ok, here is the output of that command.

austin@mail:~$ ls -laZ 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.list.index.log
-rwxrwxr-- 1 austin austin ? 6796 Aug 20 14:40 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.list.index.log

Does that tell you anything?

Austin Witmer

> On Aug 20, 2022, at 9:56 AM, Remo Mattei  wrote:
> 
> Try ls -laZ 
> 
>> Il giorno 20 ago 2022, alle ore 08:08, Erwan David  ha 
>> scritto:
>> 
>> Le 20/08/2022 à 16:52, Austin Witmer a écrit :
>>> Hello all!
>>> 
>>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then 
>>> I am periodically getting some dovecot errors like the below in my mail 
>>> log. As far as I can tell, my unix perms are just fine. What is ACL/MAC?
>>> 
>>> Aug 20 14:41:58 mail dovecot: 
>>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
>>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
>>>  ) failed: Permission denied 
>>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
>>> 
>>> And here is the listing showing the permissions for that file.
>>> 
>>> *austin@mail*:*~*$ ls -la 
>>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>>> 
>>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
>>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>>> *
>>> 
>>> What in the world is causing these errors, and what can I do about them?
>>> 
>>> Thanks in advance!
>>> 
>>> Austin Witmer
>> 
>> Did you check wether your linux distribution uses SeLINUX or Apparmor ? In 
>> that case you would have to check their policy to give dovecot access to 
>> this directory.
>> 
>>

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Remo Mattei 
Try ls -laZ 

> Il giorno 20 ago 2022, alle ore 08:08, Erwan David  ha 
> scritto:
> 
> Le 20/08/2022 à 16:52, Austin Witmer a écrit :
>> Hello all!
>> 
>> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then I 
>> am periodically getting some dovecot errors like the below in my mail log. 
>> As far as I can tell, my unix perms are just fine. What is ACL/MAC?
>> 
>> Aug 20 14:41:58 mail dovecot: 
>> imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
>> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>> ) failed: Permission denied 
>> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
>> 
>> And here is the listing showing the permissions for that file.
>> 
>> *austin@mail*:*~*$ ls -la 
>> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>> 
>> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
>> */mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
>> *
>> 
>> What in the world is causing these errors, and what can I do about them?
>> 
>> Thanks in advance!
>> 
>> Austin Witmer
> 
> Did you check wether your linux distribution uses SeLINUX or Apparmor ? In 
> that case you would have to check their policy to give dovecot access to this 
> directory.
> 
>

Re: Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Erwan David 

Le 20/08/2022 à 16:52, Austin Witmer a écrit :

Hello all!

Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since 
then I am periodically getting some dovecot errors like the below in 
my mail log. As far as I can tell, my unix perms are just fine. What 
is ACL/MAC?


Aug 20 14:41:58 mail dovecot: 
imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
) failed: Permission denied 
(euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC 
wrong?))


And here is the listing showing the permissions for that file.

*austin@mail*:*~*$ ls -la 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 

-rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
*/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
*


What in the world is causing these errors, and what can I do about them?

Thanks in advance!

Austin Witmer


Did you check wether your linux distribution uses SeLINUX or Apparmor ? 
In that case you would have to check their policy to give dovecot access 
to this directory.

Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Austin Witmer 
Is there any chance that high memory utilization could be responsible for some 
of these errors? I’ve noticed recently that my memory is running anywhere from 
80-85%.

Austin Witmer

> On Aug 20, 2022, at 8:52 AM, Austin Witmer  wrote:
> 
> Hello all!
> 
> Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then I 
> am periodically getting some dovecot errors like the below in my mail log. As 
> far as I can tell, my unix perms are just fine. What is ACL/MAC?
> 
> Aug 20 14:41:58 mail dovecot: imap(u...@domain.com 
> )<56316><1NieGKPmuOdKwxVI>: Error: Mailbox INBOX: 
> stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
> ) failed: Permission denied 
> (euid=1000(austin) egid=1000(austin) UNIX perms appear ok (ACL/MAC wrong?))
> 
> And here is the listing showing the permissions for that file.
> 
> austin@mail:~$ ls -la 
> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
> 
> -rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
> /mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log 
> 
> 
> What in the world is causing these errors, and what can I do about them?
> 
> Thanks in advance!
> 
> Austin Witmer

Permission denied UNIX perms appear ok (ACL/MAC wrong?))

2022-08-20 Thread Austin Witmer 
Hello all!

Recently I upgraded my mail server to Ubuntu 22.04 LTS and ever since then I am 
periodically getting some dovecot errors like the below in my mail log. As far 
as I can tell, my unix perms are just fine. What is ACL/MAC?

Aug 20 14:41:58 mail dovecot: imap(u...@domain.com)<56316><1NieGKPmuOdKwxVI>: 
Error: Mailbox INBOX: 
stat(/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log) 
failed: Permission denied (euid=1000(austin) egid=1000(austin) UNIX perms 
appear ok (ACL/MAC wrong?))

And here is the listing showing the permissions for that file.

austin@mail:~$ ls -la 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log
-rwxrwxr-- 1 austin austin 15796 Aug 20 14:41 
/mnt/volume1/mailserver/plain/maildir/domain.com/user/dovecot.index.log

What in the world is causing these errors, and what can I do about them?

Thanks in advance!

Austin Witmer