Results 1 to 2 of 2

Thread: dovecot permission denied while trying to read subscriptions file and lock files

  1. #1

    Default dovecot permission denied while trying to read subscriptions file and lock files

    I want to post this so that in 6 months when I have the problem again, I can find it easily.

    Here's the sitch. I used Yast to update my LEAP 42.3 server (Yes I know 15 is out, but I'm waiting) Anyway, updated using Yast and then all of a sudden my dovecot stopped working. NOPERM errors in outlook, turned on debugging dovecot and saw:

    imap(nick@xxxxxx): Error: open() failed with subscription file /srv/maildirs/xxxxxxxx/nick/subscriptions: Permission denied

    though, pshaw, who needs a subscriptions file, I'll just delete it.
    Well that fixed the subscriptions file but then

    imap(nick@xxxxxx): Debug: INBOX: Mailbox opened because: SELECT
    imap(nick@xxxxxx): Error: open(/srv/maildirs/xxxxxx/nick/dovecot.index.log) failed: Permission denied (euid=303(vmail) egid=303(vmail) UNIX perms appear ok (ACL/MAC wrong?))
    imap(nick@xxxxxx): Error: file_dotlock_create(/srv/maildirs/xxxxxx/nick/dovecot-uidlist) failed: Permission denied (euid=303(vmail) egid=303(vmail) UNIX perms appear ok (ACL/MAC wrong?))
    imap(nick@xxxxxx): Error: open(/srv/maildirs/xxxxxx/nick/dovecot-uidlist) failed: Permission denied

    I don't use ACLs. Permissions are fine. What is going on? google google google. I find an article with a similar issue and it talkes about selinux getting in the way. Humm I don't use selinux. OH AppArmor!!!! I hate apparmor, always getting in the way. So I never install it. So a quck systemctl status apparmor and the **** thing is no only installed, it's enabled, and running. systemctl stop apparmor. BINGO everything works again.

  2. #2
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,005

    Default Re: dovecot permission denied while trying to read subscriptions file and lock files

    Quote Originally Posted by stefanis View Post
    So a quck systemctl status apparmor and the **** thing is no only installed, it's enabled, and running. systemctl stop apparmor. BINGO everything works again.
    Worst possible solution you can take is disabling one of the best security features of the OS especially when it comes to an internet enabled service.

    Right solution would have been to look at the apparmor configuration module and enable reading/writing to the specific files and folders. I hope no one takes your advice on this.
    .: miuku #suse @ irc.freenode.net
    :: miuku@opensuse.org

    .: h​ttps://download.opensuse.org/repositories/home:/Miuku/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •