Hi,
I tried again with some other options.

After finding
http://www.dovecot.org/list/dovecot/2013-November/093793.html
I deleted every ACL from the directory Maildir and I also assigned the group "mail" to it, recursively:

OmniOS-Xeon:/tank/home/olaf/Maildir/.Generiche $ ls -lV
total 903
drwxrwxrwx   2 olaf     mail           2 Sep 27 23:47 cur
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:rwxp--a-R-c--s:-------:allow
(and so on)

I tried also
mail_full_filesystem_access = yes
hoping that it would solve the issue, but nothing. Even with
mail_debug = yes
the log does not give any info besides
dovecot: [ID 583609 mail.error] imap(olaf): Error: unlink(/tank/home/olaf/Maildir/.Generiche/dovecot-uidlist.tmp) failed: Permission denied

(it shows also "rename" instead of "unlink")

With this additional info, has anyone any idea about the cause of the problem?

My doveconf -n:

# 2.2.18: /etc/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc  zfs
mail_debug = yes
mail_full_filesystem_access = yes
mail_location = maildir:/tank/home/%u/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap
ssl = required
ssl_cert = </etc/dovecot/certs/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}


Any help will be appreciated.

Regards,
Olaf Marzocchi




On 19/09/2015 19:22, Christian Kivalo wrote:
Hi,

On 2015-09-19 16:17, Olaf Marzocchi wrote:
Dear Dovecot users, hello.
I will merge two issues I have into a single email because they may be
related.

I used dovecot on an OmniOS server since 2014 (currently OmniOS
r151014) with the following configuration (it shows 2.2.18 because I
recently updated dovecot, skipping only the PostgreSQL plugin):

# 2.2.18: /etc/dovecot/dovecot.conf
# OS: SunOS 5.11 i86pc  zfs
mail_location = maildir:/tank/home/%u/Maildir
mail_privileged_group = mail
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap
ssl = required
ssl_cert = </etc/dovecot/certs/dovecot.pem
ssl_key = </etc/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}

You can see that I set the Maildir folder inside the shared home
folders of my server (it is only one user, anyway).
It always worked perfectly, but one or two months ago I changed the
permissions of my whole home folder, recursively, to add proper ACLs.
I needed them because the clients started using illumos kernel SMB
(relying on ACLs) instead of Netatalk/AFP (relying on Unix perms
only).
I didn't realise I applied the ACLs also to the Maildir folder.

Dovecot worked for several weeks fine, I noticed the issue only
yesterday when a mailbox (see below) appeared in Thunderbird
completely empty even if the "cur" subfolder on the server still
contains all the mails.

Dovecot was throwing some errors like:

dovecot: [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/.&A6k- Mailing Lists.Log/dovecot.index.cache) failed: Permission denied (euid=501(olaf) egid=501(olaf) UNIX perms appear ok (ACL/MAC wrong?))
dovecot: [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/.&A6k- Mailing Lists.Log/dovecot.index.tmp, /tank/home/olaf/Maildir/.&A6k- Mailing Lists.Log/dovecot.index) failed: Permission denied
dovecot: [ID 583609 mail.error] imap(olaf): Error: unlink(/tank/home/olaf/Maildir/subscriptions.lock) failed: Permission denied
dovecot: [ID 583609 mail.error] imap(olaf): Error: rename(/tank/home/olaf/Maildir/subscriptions.lock, /tank/home/olaf/Maildir/subscriptions) failed: Permission denied

I will post here the current permissions of the folder containing
Maildir, of the Maildir itself, of its contents, and of the folder
that appears empty when browsed with a client (Thunderbird).

/tank/home/olaf $ ls -lV ..
drwx------+ 16 olaf     olaf          17 Sep 19 01:52 olaf
              user:olaf:rwxpdDaARWcCos:fd-----:allow
       group:2147483648:rwxpdDaARWcCos:fd-----:allow
              everyone@:rwxpdDaARWcCos:fd-----:deny

/tank/home/olaf $ ls -lV
drwxrwx--- 348 olaf     olaf         359 Sep 19 01:51 Maildir
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow

/tank/home/olaf $ ls -lV Maildir/
drwxrwx---   2 olaf     olaf           2 Jan 30  2014 cur
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow
-rwxrwx---   1 olaf     olaf          21 Jan 30  2014 dovecot-keywords
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow
(ALL THE SAME PERMISSIONS FOR THE OTHER FILES EXCEPT...)
-rwxrwx---   1 olaf     olaf       13735 Jan 24  2015 subscriptions
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow
-rw-rw----   1 olaf     olaf       13709 Sep 19 01:51 subscriptions.lock
                 owner@:rw-p--aARWcCos:-------:allow
                 group@:rw-p--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow

The folder that appears empty:

/tank/home/olaf $ ls -lV Maildir/.Generiche/
total 513
drwxrwx---   2 olaf     olaf         949 Sep 18 01:42 cur
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow
-rwxrwx---   1 olaf     olaf          46 May 18  2014 dovecot-keywords
                 owner@:rwxp--aARWcCos:-------:allow
                 group@:rwxp--a-R-c--s:-------:allow
              everyone@:------a-R-c--s:-------:allow
(ALL THE SAME PERMISSIONS FOR THE OTHER FILES)


I really hope you will have the time to help me because I already
applied the permissions recursively and I removed the ACLs, almost as
it was before my mistake.
I specified "almost" because originally (I checked the backups) the
Maildir folder had an ACL that gave access permissions also to the
group "mail":

drwxrwx---+349 olaf     olaf         359 Feb 16  2014 Maildir
             group:mail:rwxpdDaARWcCos:fd-----:allow
                 owner@:rwxpdDaARWcCos:fd----I:allow
                 group@:rwxpdDaARWcCos:fd----I:allow
              everyone@:rwxpdDaARWcCos:fd----I:deny

Yesterday I didn't replicate it because from the documentation I
understood it was not necessary.

From my view the permissions seem to be set correctly. I have to admit,
it's been a while since I moved to virtual users, so I may be wrong here...

The log output also seems to support that permissions are correct.

Have you tried adding the group:mail:.... ACLs back?

Have you set mail_debug=yes or other more verbose logging settings?
http://wiki2.dovecot.org/Logging
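
Added example, not part of the original thread: a small Python decoder for the compact ACE strings that `ls -lV` prints, used here to list which allow permissions the backup ACL on Maildir granted that the current ACL no longer shows. The permission-letter names follow the illumos/Solaris compact ACL notation; the comparison ignores ACE ordering and deny entries, so it is a diffing aid, not an access decision.

```python
# Added example (not from the thread): decode the compact NFSv4 ACEs that
# `ls -lV` prints on illumos/Solaris and diff two listings.
PERM_BITS = {
    "r": "read_data", "w": "write_data", "x": "execute", "p": "append_data",
    "d": "delete", "D": "delete_child", "a": "read_attributes",
    "A": "write_attributes", "R": "read_xattr", "W": "write_xattr",
    "c": "read_acl", "C": "write_acl", "o": "write_owner", "s": "synchronize",
}

def parse_ace(line):
    """Parse 'who:perms:flags:type'; split from the right because 'who'
    may itself contain a colon (user:olaf, group:mail)."""
    who, perms, flags, kind = line.strip().rsplit(":", 3)
    return {"who": who,
            "perms": {PERM_BITS[c] for c in perms if c != "-"},
            "flags": flags.replace("-", ""),
            "type": kind}

def allow_map(listing):
    """Map each principal to the union of permissions its allow ACEs grant."""
    granted = {}
    for line in listing.strip().splitlines():
        ace = parse_ace(line)
        if ace["type"] == "allow":
            granted.setdefault(ace["who"], set()).update(ace["perms"])
    return granted

def lost_permissions(before, after):
    """Allow permissions present in `before` but absent in `after`, per principal.
    Simplification: ignores ACE order and deny entries."""
    old, new = allow_map(before), allow_map(after)
    return {who: perms - new.get(who, set())
            for who, perms in old.items() if perms - new.get(who, set())}

# ACEs copied from the thread: Maildir in the backup vs. after the reset.
BACKUP = """
group:mail:rwxpdDaARWcCos:fd-----:allow
owner@:rwxpdDaARWcCos:fd----I:allow
group@:rwxpdDaARWcCos:fd----I:allow
everyone@:rwxpdDaARWcCos:fd----I:deny
"""
CURRENT = """
owner@:rwxp--aARWcCos:-------:allow
group@:rwxp--a-R-c--s:-------:allow
everyone@:------a-R-c--s:-------:allow
"""

if __name__ == "__main__":
    for who, perms in lost_permissions(BACKUP, CURRENT).items():
        print(f"{who}: {', '.join(sorted(perms))}")
```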
