Create mailbox: permission denied

Mike O'Rourke mike.orourke at op.org
Thu Jan 30 04:08:31 EST 2003


wvg, if you are not subscribed to the "info-cyrus" list, please do so. Your 
problem is not with SASL, but your imap setup.

I think it is time to take this back to the list now that we have better 
defined the problem.

List: please excuse the length of this message, it started out with:
"for some reason i can not make a user mail box mailbox with cyrus2
any ideas"
and progressed from there.

To summarize: The cyrus user authenticates fine (see the results of imtest 
and entries in /var/log/messages), but can not create mailboxes.

The system:
         freebsd 4.7
         cyrus-imapd 2.1.11
         cyrus-sasl 2.?.? (wvg, could you supply the list with this info?)
the system uses saslauthd for authentication.

Among the admins in /etc/imapd.conf is cyrus. The user used mkimap (as 
cyrus) to create everything, but is unable to create mailboxes. A plain 
user can authenticate using imtest and issue commands to the imap server, 
but (of course) no mailbox exists.

wvg,

>is cyrus supposed to checkpoint so much my log is full of those entries

This is controlled by the "checkpoint" setting in the "EVENTS" section of 
/etc/cyrus.conf, which in your case is set to 30 minutes (the default).

>seems like the same error i get with cyradm do you think i should change
>the permissions back to cyrus and group mail (pretty sure i already
>tried that a few times but i can try again) or does having cyrus in the
>mail group have the same effect i also read somewhere that i should add
>daemon to the mail group as i have done already.  i do not like messing
>around with groups and permissions and modes in case it still does not
>work and i forget to change things back it just gets messy.
>
>xxx.xxx.xx.net > ~ $imtest -u cyrus -a cyrus localhost
>S: * OK xxx.xxx.xx.net Cyrus IMAP4 v2.1.11 server ready
>C: C01 CAPABILITY
>S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
>NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
>THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5
>S: C01 OK Completed
>C: A01 AUTHENTICATE DIGEST-MD5
>S: +
>bm9uY2U9IjhnQktPMWNJTWVTVnJndC9NUlM1emN2bE4reFdZZGsrcUo1alRYOVd6Qmc9IixyZWFsbT0idjIwLnZ4di4yeS5uZXQiLHFvcD0iYXV0aCxhdXRoLWludCxhdXRoLWNvbmYiLGNpcGhlcj0icmM0LTQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
>Please enter your password:
>C:
>dXNlcm5hbWU9ImN5cnVzIixyZWFsbT0idjIwLnZ4di4yeS5uZXQiLG5vbmNlPSI4Z0JLTzFjSU1lU1ZyZ3QvTVJTNXpjdmxOK3hXWWRrK3FKNWpUWDlXekJnPSIsY25vbmNlPSJ4ODdMTFFka2cvQlluRVZVR1dISitjTnQyQlVWSlN3OFA1Y3RiRFpKRmswPSIsbmM9MDAwMDAwMDEscW9wPWF1dGgtY29uZixjaXBoZXI9InJjNCIsbWF4YnVmPTEwMjQsZGlnZXN0LXVyaT0iaW1hcC9sb2NhbGhvc3Qudnh2LjJ5Lm5ldCIscmVzcG9uc2U9NDBiMzVmNTA2NmI1YzJkZGRhZmVkNGFjNjkyOGEzMjY=
>S: + cnNwYXV0aD1iN2QxNzRmMWQ5NGE1NTExM2UxNmNmNGQ5NjBlYTVkNw==
>C:
>S: A01 OK Success (privacy protection)
>Authenticated.
>Security strength factor: 128
>. create user.rmvg
>. NO Permission denied
>
>here is /var/log/messages
>
>Jan 29 13:48:46 v20 ctl_cyrusdb[6067]: checkpointing cyrus databases
>Jan 29 13:48:46 v20 ctl_cyrusdb[6067]: done checkpointing cyrus databases
>Jan 29 14:18:46 v20 ctl_cyrusdb[6094]: checkpointing cyrus databases
>Jan 29 14:18:46 v20 ctl_cyrusdb[6094]: done checkpointing cyrus databases
>Jan 29 14:27:07 v20 imapd[6108]: can't access srvtab file /etc/srvtab: No
>such file or directory
>Jan 29 14:27:07 v20 imapd[6108]: OTP unavailable because can't read/write
>key database /etc/opiekeys
>Jan 29 14:27:12 v20 imapd[6108]: no user in db
>Jan 29 14:27:12 v20 imapd[6108]: login: localhost.vxv.2y.net[127.0.0.1]
>cyrus DIGEST-MD5 User logged
>
>is cyrus supposed to checkpoint so much my log is full of those entries
>
>there is still no /var/log/imapd.log entries
>
>thanks but i still need some more advice i am really glad this list exists
>because i have been banging my head against the wall now for some time and
>have gained nothing on my own your help is much appreciated.
>
>
>
>
>On Wed, 29 Jan 2003, Mike O'Rourke wrote:
>
> > OK, from the imtest, it seems as though all of the SASL stuff is
> > working, so you have a problem in the cyrus-imapd setup.
> >
> > You could try to create the mailbox without using cyradm as indicated
> > on the list previously:
> >       imtest -u cyrus -a cyrus localhost
> > and after you successfully authenticate as cyrus,
> >       . create user.rmvg
> > this should respond with
> >       OK completed
> > The mailbox is then there.
> >
> > If this works, it looks like you have a problem with cyradm or Perl. If
> > it responds with "NO " and a reason, there is a problem with the cyrus
> > databases created with the mkimap command.
> >
> > Let me know.
> >
> > Mike.
> >
> > >>> wvg <wvg at v20.vxv.2y.net> 01/29/03 10:26am >>>
> > seems weird since i set the permissions to cyrus and the group to mail
> > like they told me to in the confige-install file.  does this have
> > something to do with ./mkimap.  now they are user cyrus and
> > group cyrus there was no user dir so i created one as the cyrus user
> > now /var/spool/imap looks like this.
> >
> > drwxr-x---  2 cyrus  cyrus  512 Jan  3 20:31 stage.
> > drwxr-xr-x  2 cyrus  cyrus  512 Jan 29 01:51 user
> >
> > i think it is a problem with permissions so i added cyrus to the mail
> > group and it still does not work. or at least i think i added cyrus to
> > the mail group.  not sure how this group stuff works
> >
> > etc/group
> >
> > daemon:*:1:daemon
> > mail:*:6:cyrus,daemon
> > cyrus:*:60:
> >
> > here is my imtest stuff
> >
> > %cyradm localhost
> > Password:
> > localhost.xxx.xx.net> cm rmvg.user
> > createmailbox: Permission denied
> > localhost.xxx.xx.net> imtest -u rmvg -a rmvg localhost
> > S: * OK xxx.xxx.xx.net Cyrus IMAP4 v2.1.11 server ready
> > C: C01 CAPABILITY
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
> > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
> > SORT
> > THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=DIGEST-MD5
> > AUTH=CRAM-MD5
> > S: C01 OK Completed
> > C: A01 AUTHENTICATE DIGEST-MD5
> > S: +
> > 
> bm9uY2U9IjM1enFQT2x1bzVZZVQ0NVMxUDlVcEZYVVRwanpybk04UkNiaGlMNFNVc3M9IixyZWFsbT0idjIwLnZ4di4yeS5uZXQiLHFvcD0iYXV0aCxhdXRoLWludCxhdXRoLWNvbmYiLGNpcGhlcj0icmM0LTQwLHJjNC01NixyYzQsZGVzLDNkZXMiLG1heGJ1Zj00MDk2LGNoYXJzZXQ9dXRmLTgsYWxnb3JpdGhtPW1kNS1zZXNz
> > Please enter your password:
> > C:
> > 
> dXNlcm5hbWU9InJtdmciLHJlYWxtPSJ2MjAudnh2LjJ5Lm5ldCIsbm9uY2U9IjM1enFQT2x1bzVZZVQ0NVMxUDlVcEZYVVRwanpybk04UkNiaGlMNFNVc3M9Iixjbm9uY2U9IjlYMUYrZlhIbkNOaXFsS21BWG5vZUxWd3ZDOUNTR2VleFNxV2dUekMyWEU9IixuYz0wMDAwMDAwMSxxb3A9YXV0aC1jb25mLGNpcGhlcj0icmM0IixtYXhidWY9MTAyNCxkaWdlc3QtdXJpPSJpbWFwL2xvY2FsaG9zdC52eHYuMnkubmV0IixyZXNwb25zZT04YzU4NjRmNzQ0ZGExODc5NmUyNTQzZjFiNTA2NmNlMQ==
> > S: + cnNwYXV0aD1hM2ZhYzIyMmNlYzQxYjI3MjNjYWU2YWZiMmRiYjZiMQ==
> > C:
> > S: A01 OK Success (privacy protection)
> > Authenticated.
> > Security strength factor: 128
> > . select inbox
> > . NO Mailbox does not exist
> >
> > lm just gives me a blank line
> >
> > what does the star mean i have added the following lines to my
> > syslog.conf
> > file already should i use a * instead
> >
> > local6.debug                          /var/log/imapd.log
> > auth.debug                            /var/log/auth.log
> >
> > i will set the debug to a star like this
> >
> > local6.*                          /var/log/imapd.log
> > auth.*                            /var/log/auth.log
> >
> > here is the output of /var/log/messages while i tried this stuff also
> > i tried to log in using outlook at the bottom and i think it works just
> > no mailbox
> >
> >
> > 29 01:48:46 v20 ctl_cyrusdb[5175]: checkpointing cyrus databases
> > Jan 29 01:48:46 v20 ctl_cyrusdb[5175]: done checkpointing cyrus
> > databases
> > Jan 29 01:49:39 v20 su: rmvg to root on /dev/ttyp2
> > Jan 29 01:51:55 v20 imapd[5192]: can't access srvtab file /etc/srvtab:
> > No
> > such file or direc
> > Jan 29 01:51:56 v20 imapd[5192]: OTP unavailable because can't
> > read/write
> > key database /etc/
> > Jan 29 01:52:01 v20 imapd[5192]: no user in db
> > Jan 29 01:52:01 v20 imapd[5192]: login:
> > localhost.vxv.2y.net[127.0.0.1]
> > cyrus DIGEST-MD5 Use
> > Jan 29 01:53:20 v20 imapd[5195]: can't access srvtab file /etc/srvtab:
> > No
> > such file or direc
> > Jan 29 01:53:20 v20 imapd[5195]: OTP unavailable because can't
> > read/write
> > key database /etc/
> > Jan 29 01:52:01 v20 imapd[5192]: no user in db
> > Jan 29 01:52:01 v20 imapd[5192]: login:
> > localhost.vxv.2y.net[127.0.0.1]
> > cyrus DIGEST-MD5 Use
> > Jan 29 01:53:20 v20 imapd[5195]: can't access srvtab file /etc/srvtab:
> > No
> > such file or direc
> > Jan 29 01:53:20 v20 imapd[5195]: OTP unavailable because can't
> > read/write
> > key database /etc/
> > Jan 29 01:53:25 v20 imapd[5195]: no user in db
> > Jan 29 01:53:25 v20 imapd[5195]: login:
> > localhost.vxv.2y.net[127.0.0.1]
> > rmvg DIGEST-MD5 User
> > Jan 29 02:18:46 v20 ctl_cyrusdb[5223]: checkpointing cyrus databases
> > Jan 29 02:18:46 v20 ctl_cyrusdb[5223]: done checkpointing cyrus
> > databases
> > Jan 29 02:21:00 v20 imapd[5227]: can't access srvtab file /etc/srvtab:
> > No
> > such file or direc
> > Jan 29 02:21:00 v20 imapd[5227]: OTP unavailable because can't
> > read/write
> > key database /etc/
> > Jan 29 02:21:01 v20 imapd[5227]: login: [192.168.0.2] rmvg plaintext
> >
> >
> >
> >
> >
> > On Tue, 28 Jan 2003, Mike O'Rourke wrote:
> >
> > > OK, a couple of things here:
> > >
> > > Problem 1:
> > >
> > > I use linux (suse) and Tru64 unix, and don't know that much about
> > > freebsd, but some unixes do not log anything other than what is on
> > > the line in the syslog config file. You might try something like
> > >     local6.*                /var/log/imapd.log
> > >
> > > Problem 2:
> > > It looks like you are authenticating OK since the entry in
> > > /var/log/messages says that cyrus is logged in.
> > >
> > > What are the permissions/ownership on /var/spool/imap/user?
> > >
> > > In cyradm, what are the results of lm?
> > >
> > > What happens when you do an "imtest -u rmvg -a rmvg localhost"?
> > >
> > > If you successfully authenticate, try a
> > >     . select inbox
> > > and see what happens.
> > >
> > > Mike.
> > >
> > > >>> wvg <wvg at v20.vxv.2y.net> 01/27/03 10:15pm >>>
> > > sorry about that last message i was frustrated and did not know
> > > where to begin however since then i have reposted the following
> > > message that has some useful info in it
> > >
> > > I have been trying to get my cyrus2 with sasl2 on freebsd version 4.7
> > > to work for some time now
> > >
> > > I set everything up the way i was told to do so in
> > > /usr/local/share/doc/cyrus2-imapd/text/install-config
> > >
> > > my /etc/imapd.conf
> > >
> > > configdirectory: /var/imap
> > > partition-default: /var/spool/imap
> > > admins: cyrus root rmvg
> > > #srvtab: /var/imap/srvtab
> > > #sasl_pwcheck_method: shadow
> > > sasl_pwcheck_method: saslauthd
> > > #sasl_pwcheck_method: auxprop
> > >
> > > my permissions for /var/imap dir
> > > drwxr-x---  12 cyrus   mail     512 Jan 25 16:24 imap
> > >
> > > my permissions for /var/spool/imap
> > > drwxr-x---  3 cyrus  mail   512 Jan  3 20:31 imap
> > >
> > > my permission for /usr/sieves
> > > drwxr-x---   2 cyrus  mail    512 Jan 12 22:15 sieve
> > >
> > > when i tried to
> > > su cyrus
> > > /tools/mkimap
> > > mkimap:command not found.
> > >
> > > so i changed the permissions on /usr/local/cyrus to
> > > drwxr-x---   3 cyrus  mail    512 Jan  3 22:43 cyrus
> > > and still got
> > > su cyrus
> > > /tools/mkimap
> > > mkimap:command not found.
> > >
> > > so i tried this still as the cyrus user and it worked
> > > ./mkimap
> > > \reading configure file...
> > > i will configure directory /var/imap.
> > > i saw partition /var/spool/imap.
> > > you are using /var/imap/sieve as your sieve directory.
> > > done
> > > creating /var/imap...
> > > creating /var/imap/sieve...
> > > creating /var/spool/imap...
> > > done
> > > all the following services are there
> > >            pop3      110/tcp
> > >            imap      143/tcp
> > >            imsp      406/tcp
> > >            acap      674/tcp
> > >            imaps     993/tcp
> > >            pop3s     995/tcp
> > >            kpop      1109/tcp
> > >            sieve     2000/tcp
> > >            lmtp      2003/tcp
> > >            fud       4201/udp
> > >
> > > my /etc/imapd.conf
> > > # standard standalone server implementation
> > >
> > > START {
> > >   # do not delete this entry!
> > >   recover       cmd="ctl_cyrusdb -r"
> > >
> > >   # this is only necessary if using idled for IMAP IDLE
> > > #  idled                cmd="idled"
> > > # UNIX sockets start with a slash and are put into /var/imap/socket
> > > SERVICES {
> > >   # add or remove based on preferences
> > >   imap          cmd="imapd" listen="imap" prefork=0
> > >   imaps         cmd="imapd -s" listen="imaps" prefork=0
> > >   pop3          cmd="pop3d" listen="pop3" prefork=0
> > >   pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
> > >   sieve         cmd="timsieved" listen="sieve" prefork=0
> > >
> > >   # at least one LMTP is required for delivery
> > > #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
> > >   lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> > >
> > >   # this is only necessary if using notifications
> > > #  notify       cmd="notifyd" listen="/var/imap/socket/notify"
> > > proto="udp"
> > > prefo
> > > }
> > >
> > > EVENTS {
> > >   # this is required
> > >   checkpoint    cmd="ctl_cyrusdb -c" period=30
> > >
> > >   # this is only necessary if using duplicate delivery suppression
> > >   delprune      cmd="ctl_deliver -E 3" at=0400
> > >
> > >
> > >  # this is only necessary if caching TLS sessions
> > >   tlsprune      cmd="tls_prune" at=0400
> > > }
> > >
> > > MY FIRST PROBLEM
> > >
> > > /var/imapd.log is empty
> > > /var/auth.log is empty
> > >
> > > copied the following lines to /etc/syslog
> > >
> > > local6.debug                                    /var/log/imapd.log
> > > auth.debug                                      /var/log/auth.log
> > >
> > > still nothing in the logs
> > > are the permissions for the logs right or should they be cyrus and
> > > mail like the above files and directories
> > > -rw-r--r--  1 root  wheel          0 Dec 31 19:33 imapd.log
> > > -rw-------  1 root  wheel      98125 Jan 25 17:23 auth.log
> > >
> > > however there is some stuff in /var/log/messages
> > > on a clean reboot this is what the log contains
> > >
> > > Jan 25 17:18:43 v20 master[150]: process started
> > > Jan 25 17:18:44 v20 ctl_cyrusdb[154]: recovering cyrus databases
> > > Jan 25 17:18:46 v20 ctl_cyrusdb[154]: done recovering cyrus
> > databases
> > > Jan 25 17:18:46 v20 master[150]: ready for work
> > > Jan 25 17:18:46 v20 ctl_cyrusdb[179]: checkpointing cyrus databases
> > > Jan 25 17:18:46 v20 ctl_cyrusdb[179]: done checkpointing cyrus
> > > databases
> > >
> > >
> > > PROBLEM 2
> > >
> > >
> > > Cannot create mailboxes for my users
> > >
> > > #su cyrus
> > > %cyradm localhost
> > > Password:
> > > localhost.xxx.xxx.net> createmailbox user.rmvg
> > > createmailbox: Permission denied
> > > localhost.xxx.xxx.net> cm user.rmvg
> > > createmailbox: Permission denied
> > > localhost.xxx.xxx.net> whoami
> > > cyrus
> > > localhost.xxx.xxx.net>
> > >
> > > This is what happens in my /var/log/messages
> > > Jan 25 17:29:13 v20 imapd[209]: can't access srvtab file
> > /etc/srvtab:
> > > No
> > > such file or directory
> > > Jan 25 17:29:14 v20 imapd[209]: OTP unavailable because can't
> > > read/write
> > > key database /etc/opiekeys: Permission denied
> > > Jan 25 17:29:17 v20 imapd[209]: no user in db
> > > Jan 25 17:29:17 v20 imapd[209]: login:
> > localhost.vxv.2y.net[127.0.0.1]
> > > cyrus DIGEST-MD5 User logged in
> > >
> > > Locally (ssh2 to my server) using pine I can send and receive mail
> > > and when I try to connect using outlook I get this in the
> > > /var/log/messages
> > >
> > > Jan 25 17:38:30 v20 imapd[235]: can't access srvtab file
> > /etc/srvtab:
> > > No
> > > such file or directory
> > > Jan 25 17:38:30 v20 imapd[235]: OTP unavailable because can't
> > > read/write
> > > key database /etc/opiekeys: Permission denied
> > > Jan 25 17:38:30 v20 imapd[235]: login: [192.168.0.2] rmvg plaintext
> > >
> > >
> > > On Mon, 27 Jan 2003, Mike O'Rourke wrote:
> > >
> > > > Hi,
> > > >
> > > > I am responding to you off the list since on the surface, this
> > > > does not seem to be a SASL problem.
> > > >
> > > > What is the software on your system
> > > >   - Cyrus IMAPD version
> > > >   - Cyrus SASL version
> > > >   - OS
> > > >   - etc.
> > > > How is it set up
> > > >   - Authentication method in /usr/(local/)lib/sasl(2)/Cyrus.conf
> > > >   - Setup in /etc/imapd.conf and /etc/cyrus.conf
> > > > What command do you use to add the mailbox?
> > > > What response do you see?
> > > > Any errors, etc?
> > > >
> > > > Mike.
> > > >
> > > > >>> wvg <wvg at v20.vxv.2y.net> 01/25/03 04:23am >>>
> > > > for some reason i can not make a user mail box mailbox with cyrus2
> > > > any ideas
> > > >
> > > >
> > > >
> > >
> >
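
Added example, not part of the original thread: a POSIX shell helper that collects the answer to "What are the permissions/ownership on /var/spool/imap/user?" for every directory named in an imapd.conf, so it can be pasted to the list in one go. The function names and the OK/CHECK/MISSING labels are invented for this example; the expected owner defaults to cyrus, the account used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and status labels are
# hypothetical; the config keys are the ones shown in the posted imapd.conf.

# List the directories imapd.conf points Cyrus at: the configdirectory, each
# partition-* directory, and the "user" hierarchy below each partition.
# Commented-out settings (lines starting with '#') are ignored.
cyrus_dirs() {
    awk -F': *' '
        { sub(/[ \t]+$/, "", $2) }
        /^configdirectory:/  { print $2 }
        /^partition-[^:]*:/  { print $2; print $2 "/user" }
    ' "$1"
}

# Print one line per directory: STATUS MODE OWNER GROUP PATH
#   OK      owned by the expected account, owner has rwx
#   CHECK   different owner, or owner lacks read/write/search
#   MISSING directory does not exist
# $1 = path to imapd.conf, $2 = account the Cyrus daemons run as.
cyrus_perm_report() {
    conf=$1
    want_owner=$2
    cyrus_dirs "$conf" | while IFS= read -r d; do
        if [ ! -d "$d" ]; then
            echo "MISSING - - - $d"
            continue
        fi
        # ls -ld is used instead of stat(1) because stat's flags differ
        # between FreeBSD and GNU userlands.
        ls -ld "$d" | awk -v want="$want_owner" -v p="$d" '{
            st = ($3 == want && substr($1, 2, 3) == "rwx") ? "OK" : "CHECK"
            print st, $1, $3, $4, p
        }'
    done
}

# Stand-alone use: sh thisfile /etc/imapd.conf [owner]
if [ $# -ge 1 ]; then
    cyrus_perm_report "$1" "${2:-cyrus}"
fi
```

The report only covers filesystem ownership; a CHECK or MISSING line is something to include when describing the setup, not proof of the cause of the "Permission denied" reply.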




