Dovecot installation help needed

bob64662 · #1 8th August 2010, 11:55 PM

I am upgrading frm Fedore core 5 to Fedora 13. Dovecot worked fine under core 5, but under Fedora 13, I get the error:

Aug 08 07:04:30 auth(default): Error: passwd-file /var/mail/vhosts/passwd-file: Can't open file: Permission denied
Aug 08 07:04:30 dovecot: Fatal: Auth process died too early - shutting down

I do have a file named /var/mail/vhosts/passwd-file (the same one I used in my core 5 impplementation). I have changed the permissions to 666 and the permissions of the vhosts directory to 777, and have disable SELINUX via:

echo 0 >/selinux/enforce

still get the error.

Any suggestions?

---------- Post added at 04:55 PM CDT ---------- Previous post was at 04:31 PM CDT ----------

Update: I retried everything, and it DOES appear to be an SELINUX. I can't find the magic SELINUX code to make dovecot happy either.

As an aside, it it just me, or is selinux extremely complicated and unintuitive. Am I missing something about the finer point of selinux? I am trying to keep selinux on, but I have wasted more time dancing around selinux issues that everything else combined on this upgrade and I still do not no the benefit of selinux.

oxala · #2 9th August 2010, 01:37 AM

Hello Bob,

I don't even know what Dovecot means, so I can't directly address your primary question ... sorry. Are you actually "upgrading" from 5 -> 13 ... or parallel installs?

As to your side remarks about selinux:

I just started using FC13 a couple of weeks ago after 10+ years on SuSE, so I had never experienced the joy of selinux before either. You used the words "extremely complicated and unintuitive". Hee hee .... yep .... sounds familiar!

Honestly, I'm not sure I see the benefit either, especially in my case, a personal computer in my home.

After a little reading and experimenting, I was able to wrap my brain around it well enough to get my issues resolved and keep the box running in "Enforcing" mode. I'm glad to have some familiarity with it as I'm sure it will pop up in my professional life.

Best of luck!

diamond_ramsey · #3 9th August 2010, 02:16 AM

Quote:

Originally Posted by bob64662

I am upgrading frm Fedore core 5 to Fedora 13. Dovecot worked fine under core 5, but under Fedora 13, I get the error:

Aug 08 07:04:30 auth(default): Error: passwd-file /var/mail/vhosts/passwd-file: Can't open file: Permission denied
Aug 08 07:04:30 dovecot: Fatal: Auth process died too early - shutting down

I do have a file named /var/mail/vhosts/passwd-file (the same one I used in my core 5 impplementation). I have changed the permissions to 666 and the permissions of the vhosts directory to 777, and have disable SELINUX via:

echo 0 >/selinux/enforce...

I am not sure about Fedora Core 5 and Fedora 13 having "passwd-file" similarities / differences. This may be a problem, too.

Try the following two steps and post your results. The following are examples from my machine:
==============================================
[root@localhost ~]# more /selinux/enforce
1
[root@localhost ~]# getenforce
Enforcing
==============================================

Quote:

Originally Posted by bob64662

...Any suggestions?

Update: I retried everything, and it DOES appear to be an SELINUX. I can't find the magic SELINUX code to make dovecot happy either.

As an aside, it it just me, or is selinux extremely complicated and unintuitive. Am I missing something about the finer point of selinux? I am trying to keep selinux on, but I have wasted more time dancing around selinux issues that everything else combined on this upgrade and I still do not no the benefit of selinux.

Dovecot is the e-mail program, right?

stevea · #4 9th August 2010, 03:56 AM

Use the "system-admin-selinux"
Selects permissive or disabled (disabled requires a reboot).

Anyway the message you are seeing is not indicative of an SEL problem, it looks like a basic permissions problem.

==

I've used dovecot since ~F8. Dovecot's config has changed a fair bit even since F10, so just copying over the config file isn't a good idea. You really should go thru the /etc/dovecot.conf paragraph by paragraph and think through each issue.

It claims it's failing to access your /var/mail/vhosts/passwd-file file due to permissions. So is that true ?
What are the permission o the file ? Please post the result of
ls -ld /var/mail/vhosts /var/mail/vhosts/passwd-file
dovecot -n

Are you useing the /etc/dovecot.deny list feature ?

The dovecot processes run with various uid ownership but dovecot-auth defaults to root, but it still obsreves the POSIX permissions.

bob64662 · #5 9th August 2010, 05:32 AM

disabling selinis is iving me more favorable results, so I think it is selinux related.

As per your request:

(I'm tried all sorts of permission variations)

[root@localhost vhosts]# ls -ld /var/mail/vhosts/passwd-file
-rwxrwxrwx. 1 webmail webmail 447 Aug 8 12:46 /var/mail/vhosts/passwd-file

[root@localhost vhosts]# dovecot -n
# 1.2.12: /etc/dovecot.conf
# OS: Linux 2.6.33.6-147.2.4.fc13.i686.PAE i686 Fedora release 13 (Goddard) ext4
log_path: /var/log/dovecot
ssl: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_user: webmail
login_greeting: HLG Dovecot ready.
login_process_per_connection: no
first_valid_uid: 1
last_valid_uid: 1000
first_valid_gid: 0
mail_uid: root
mail_gid: root
mail_location: mbox:/var/mail/vhosts/%d/%n:INBOX=/var/mail/vhosts/%d/$n/Mailbox
mail_debug: yes
mail_full_filesystem_access: yes
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
auth default:
verbose: yes
debug: yes
debug_passwords: yes
passdb:
driver: passwd-file
args: /var/mail/vhosts/passwd-file
userdb:
driver: passwd-file
args: /var/mail/vhosts/passwd-file
[root@localhost vhosts]#

stevea · #6 9th August 2010, 05:49 AM

You missed the directory name in the "ls -ld ..." command - there should be two lines.. Without knowing the directory perms & ownership it's just a guess.

Anyway if shows your auth running as root, and the file perms look too liberal, but the file owner should be <root root> not <webmail webmail>., and probably rw------- at most. The directory must have at least read and perhaps execute permissions for root.

This looks interesting, but I only run F13 now and the SEL IDs are different.
http://forums.fedoraforum.org/showthread.php?t=247568

bob64662 · #7 9th August 2010, 09:18 AM

I am running Fedora 13 as well. I got dovecot to work by (a) reverting to a clean copy of the dovecot.conf file and being very conservative about changes, (b) disabling both selinux and iptables.

I am surprised the install doesn't do its magic to work with both. Can you tell me how to configure both iptables and selinux in F13 to make dovecot happy and functional?