CREATE_MAIL_SPOOL sets improper permissions

Seilori

Guest
Hello,

As a novice in administering a Linux server, here is my humble request for help concerning a useradd and dovecot problem on our CentOS 6.2 server.
After yum updating a whole lot of stuff with webmin last week, none of the users added after this update could use their email.
As shown below, I've added two users for test purposes: user.test1 yesterday and user.test2 this night, both with the CREATE_MAIL_SPOOL = yes option (as it's stored in /etc/default/useradd). I ran chmod 0600 /var/mail/user.test1 after the first useradd and that solved the problem so far. I tried this because all the older mbox files had these privileges and this new one had 0660.

# ls -l /var/mail/user.test1
-rw------- 1 user.test1 mail 0 May 8 20:09 user.test1

I have spent a lot of time on the net trying to find a solution to this issue but found none, the issue obviously being changing the default file permissions of /var/mail/$USER when creating new users. I even tried editing /etc/dovecot/conf.d/10-mail.conf with "mail_privileged_group = mail" and reloading dovecot. But when creating a new user the same permissions 0660 are again set automatically:

# ls -l /var/mail/user.test2
-rw-rw---- 1 user.test2 mail 0 May 9 22:06 user.test2

When testing webmail with this newly created user account, I got the following error message:

[SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-05-09 22:08:25]

and maillog informs:

May 9 22:08:25 mail dovecot: imap-login: Login: user=<user.test2>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=4770, secured
May 9 22:08:25 mail dovecot: imap(user.test2): Error: chown(/home/hety/user.test2/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=567(user.test2), group based on /var/mail/user.test2)
May 9 22:08:25 mail dovecot: imap(user.test2): Error: mkdir(/home/hety/user.test2/mail/.imap/INBOX) failed: Operation not permitted
May 9 22:08:25 mail dovecot: imap(user.test2): Disconnected: Logged out bytes=79/715

Because I used to add users successfully before this update process and their emails were working OK, I think something went wrong during the updates.

Can anybody help me with this problem? Meaning not to be forced to run chmod 0600 /var/mail/* after every useradd. I'm beginning to think this issue arises because of some other reason than mail server configuration, even though the maillog tells about dovecot's involvement. IMHO this points more towards the OS's useradd.


Thank You
 


Hey there - welcome to Linux Forum.

I believe you do want them to be 660 as all of the users (except root) have these permissions set on a default setup. Root's perms on their /var/mail/root file is 600.

Are the users getting any error messages, or are you seeing anything in the mail log(s)?
 
Hey - and thank You

Are the users getting any error messages, or are you seeing anything in the mail log(s)?

Sorry about my poor English, I'm just an ex-sailor from Finland now in a position to administer a Linux server for the first time in my life (with no prior experience in Linux workstations either).
But isn't this from my original post answering your question?

When testing webmail with this newly created user account, I got the following error message:

[SERVERBUG] Internal error occurred. Refer to server log for more information. [2013-05-09 22:08:25]

and maillog informs:

May 9 22:08:25 mail dovecot: imap-login: Login: user=<user.test2>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=4770, secured
May 9 22:08:25 mail dovecot: imap(user.test2): Error: chown(/home/hety/user.test2/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=567(user.test2), group based on /var/mail/user.test2)
May 9 22:08:25 mail dovecot: imap(user.test2): Error: mkdir(/home/hety/user.test2/mail/.imap/INBOX) failed: Operation not permitted
May 9 22:08:25 mail dovecot: imap(user.test2): Disconnected: Logged out bytes=79/715

Anyway, after doing some research I found this by googling dovecot's wiki2 maillocation mbox (I can't post a straight link since I haven't got enough posts (5)):

In some systems the /var/mail/$USER files have 0660 mode permissions. This causes Dovecot to try to preserve the file's group, and if it doesn't have permissions to do so, it'll fail with an error:
imap(user): Error: chown(/home/user/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=1000(user), group based on /var/mail/user)
There is rarely any real need for the files to have 0660 mode, so the best solution for this problem is to just change the mode to 0600:
chmod 0600 /var/mail/*

Does this really mean that after every useradd I have to do chmod 600 /var/mail/* and there isn't any configuration file or whatever where I could alter these permissions so that they would be correctly set as the defaults for all new users (i.e. 600)?

And what on earth does chown(/home/hety/user.test2/mail/.imap/INBOX, -1, 12(mail)) mean in this error message? chown - OK, I've read the man pages. But this looks like a method/function call with those arguments in parentheses. The first argument is the path, the last is uid/gid(?), but what's that (-1) in the middle?
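
An added example, not part of the thread: a shell sketch that pulls the spool paths out of Dovecot's "group based on ..." chown errors, lists spool files whose mode is not 0600, and applies the chmod 0600 workaround from the quoted wiki text. The function names and the temporary demo directory are illustrative assumptions; the demo log line is the one from the post with the spool path rewritten to the temp directory.

```shell
#!/bin/sh
# Added example; function names and demo paths are illustrative assumptions.
# In the logged call chown(path, -1, 12(mail)), -1 is the owner argument:
# chown(2) leaves the owner unchanged when it is -1, so only the group (12,
# "mail") is being set. That fails because the user is not in that group.

# Print each spool path named in a Dovecot "group based on <path>" chown error.
spools_from_log() {
    # $1 = maillog file
    sed -n 's/.*chown(.*) failed: .*group based on \([^)]*\)).*/\1/p' "$1" | sort -u
}

# List regular files directly under a spool directory whose mode is not 0600.
spools_not_0600() {
    # $1 = spool directory, e.g. /var/mail
    find "$1" -maxdepth 1 -type f ! -perm 0600 | sort
}

# Apply the workaround to offending files only, reporting each change.
fix_spools() {
    spools_not_0600 "$1" | while IFS= read -r f; do
        chmod 0600 "$f" && printf 'fixed %s\n' "$f"
    done
}

# Constructed demo: two empty spools in a temp dir, one 0600 and one 0660.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/mail"
    : > "$d/mail/user.test1"; chmod 0600 "$d/mail/user.test1"
    : > "$d/mail/user.test2"; chmod 0660 "$d/mail/user.test2"
    printf '%s\n' "May 9 22:08:25 mail dovecot: imap(user.test2): Error: chown(/home/hety/user.test2/mail/.imap/INBOX, -1, 12(mail)) failed: Operation not permitted (egid=567(user.test2), group based on $d/mail/user.test2)" > "$d/maillog"
    echo "spools named in chown errors:"; spools_from_log "$d/maillog"
    echo "applying workaround:";          fix_spools "$d/mail"
    rm -rf "$d"
}
demo
```

On a real server the same functions would be pointed at the actual maillog and /var/mail, and `fix_spools` needs to run as root or as the owner of each file.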
 
