Appears to be an SELinux issue. I checked it out with audit2allow and discovered several items that needed tweaking. Here is the result of my te file:
# cat DovecotDelivery.te
module DovecotDelivery 1.0;

require {
        type sysadm_passwd_t;
        type postfix_spool_t;
        type user_home_dir_t;
        type dovecot_auth_t;
        type user_home_t;
        type var_spool_t;
        type dovecot_t;
        type mysqld_etc_t;
        type dovecot_var_run_t;
        type mysqld_port_t;
        type system_mail_t;
        class process setcap;
        class tcp_socket name_connect;
        class dir { search setattr };
        class file { rename execute read lock write getattr unlink };
}

#============= dovecot_auth_t ==============
allow dovecot_auth_t mysqld_etc_t:file { read getattr };
allow dovecot_auth_t mysqld_port_t:tcp_socket name_connect;

#============= dovecot_t ==============
allow dovecot_t dovecot_var_run_t:dir setattr;
allow dovecot_t self:process setcap;
allow dovecot_t user_home_dir_t:file { rename write getattr read lock unlink };

#============= sysadm_passwd_t ==============
allow sysadm_passwd_t postfix_spool_t:dir search;
allow sysadm_passwd_t var_spool_t:dir search;

#============= system_mail_t ==============
allow system_mail_t user_home_t:file execute;

Some of that is left over from a previous attempt to get this working. It all seems to be fine once I load that module.

-Geoff

________________________________________
From: Timo Sirainen [...@iki.fi]
Sent: Wednesday, December 23, 2009 1:26 PM
To: Geoff Sweet
Cc: dovecot@dovecot.org
Subject: Re: [Dovecot] Permissions errors while reading messages via IMAP

On Wed, 2009-12-23 at 13:13 -0800, Geoff Sweet wrote:
> and as you can see, the files in the delivery location have the correct
> permissions for being delivered by user "vmail":
> # ls -la
> total 64
> -rw------- 1 vmail vmail 572 Dec 23 11:51 dovecot.index.log

What about this:

> Dec 23 12:08:49 mail1 dovecot: IMAP(geoff.sw...@test.com):
> open(/home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)
> failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing
> +r perm: /home/vmail/test.com/geoff.sweet/Maildir/dovecot.index.log)

Is that file also owned by vmail:vmail?
The error message shows that vmail user doesn't have read access to the file. If that file is also owned by vmail, I have only two ideas:

a) You have multiple vmail users. See that ls -ln shows the uids to be actually 5000 and not something else.

b) SELinux or something similar is preventing the access to the files.
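
Added example (not part of the original thread and not audit2allow's own code): a small reviewer that compares the allow rules in a module like the one above against AVC denials in the audit log and lists permissions no denial asked for, such as rules left over from an earlier attempt. The function names are hypothetical and the AVC lines are constructed samples in the usual audit.log format.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the thread), standard AVC denial format.
SAMPLE_AVC = """\
type=AVC msg=audit(1261602529.101:41): avc:  denied  { read } for  pid=2101 comm="imap" name="dovecot.index.log" dev=dm-0 ino=7731 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1261602529.102:42): avc:  denied  { write lock } for  pid=2101 comm="imap" name="dovecot.index.log" dev=dm-0 ino=7731 scontext=system_u:system_r:dovecot_t:s0 tcontext=system_u:object_r:user_home_dir_t:s0 tclass=file
type=AVC msg=audit(1261602530.001:43): avc:  denied  { name_connect } for  pid=2050 comm="dovecot-auth" dest=3306 scontext=system_u:system_r:dovecot_auth_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket
"""

# Some of the allow rules from the DovecotDelivery.te quoted in the thread.
SAMPLE_TE = """\
allow dovecot_auth_t mysqld_port_t:tcp_socket name_connect;
allow dovecot_t self:process setcap;
allow dovecot_t user_home_dir_t:file { rename write getattr read lock unlink };
allow system_mail_t user_home_t:file execute;
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\w+)")
ALLOW_RE = re.compile(r"^allow\s+(\w+)\s+(\w+):(\w+)\s+(?:\{([^}]*)\}|(\w+))\s*;", re.M)

def denied_perms(log):
    """Map (source type, target type, class) -> permissions seen in AVC denials."""
    seen = defaultdict(set)
    for perms, sctx, tctx, tclass in AVC_RE.findall(log):
        # A context is user:role:type[:level]; the type is the third field.
        seen[(sctx.split(":")[2], tctx.split(":")[2], tclass)].update(perms.split())
    return seen

def allowed_perms(te):
    """Map (source type, target type, class) -> permissions granted by the module."""
    rules = defaultdict(set)
    for src, tgt, tclass, braced, single in ALLOW_RE.findall(te):
        tgt = src if tgt == "self" else tgt  # "self" means the source domain
        rules[(src, tgt, tclass)].update((braced or single).split())
    return rules

def unjustified(te, log):
    """Permissions the module grants that no logged denial asked for."""
    seen = denied_perms(log)
    extra = {k: sorted(p - seen.get(k, set())) for k, p in allowed_perms(te).items()}
    return {k: v for k, v in extra.items() if v}

if __name__ == "__main__":
    for (src, tgt, tclass), perms in unjustified(SAMPLE_TE, SAMPLE_AVC).items():
        print(f"review: allow {src} {tgt}:{tclass} {{ {' '.join(perms)} }}")
```

A permission listed here is a prompt for review rather than proof of excess, since the denial that motivated it may have rotated out of the log being checked.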