cyrus-imap configuration question SOLVED

[Charles Bradshaw]

Thanks All,

Well yes, ahem.. obviously!  Since I'm a complete beginner at this, who, what
and how did the ownership of mailboxes.db get set wrongly in the first place?

The script /usr/lib/cyrus-imapd/mkimap was run as user cyrus, as per the
instructions.

Surely cyrus CANNOT create a root owned file ??

Observation:

Just as a quick experiment I changed mailboxes.db permissions to 666 and low
it works! But something knows and changed the ownership to cyrus:mail with
permissions 600

Something very fishy there.

 ~ o ~

While on the subject of incorrect permissions. The file
/var/lib/imap/db/skipstamp was also root:root and causing this from systemctl
status cyrus-imapd after a SUCCESSFUL start.

Jan 20 12:15:44 blanked.com ctl_cyrusdb[1652]: DBERROR: writing
/var/lib/imap/db/skipstamp: Permission denied

I have know idea why these Permission denied messages are not in
/var/log/messages, perhaps it has something to do with SELinux !!

Thanks for all the help, Charles Bradshaw

On: Sun, 20 Jan 2013 07:20:18 -0400, Patrick wrote:
> On 01/20/2013 06:40 AM, Charles Bradshaw wrote:
> > Thanks Dan, Here are the details you asked for.
> >
> > My /etc/imapd.conf :
> >
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > admins: cyrus
> > sievedir: /var/lib/imap/sieve
> > sendmail: /usr/sbin/sendmail
> > hashimapspool: true
> > sasl_pwcheck_method: auxprop
> > sasl_mech_list: PLAIN DIGEST-MD5 CRAM-MD5
> > sasl_auxprop_plugin:sasldb
> > #allowplaintext: no
> > #defaultdomain: mail
> > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> > # uncomment this if you're operating in a DSCP environment (RFC-4594)
> > # qosmarking: af13
> >
> > I have played with allowplaintext and defaultdomain.
> > For the record the 3 sasl_... values are the same as the entries in
> > /etc/sasl2/Sendmail.conf
> >
> > Directory ownership:
> >
> > ls -ld /var/lib/imap
> > drwxr-x---. 18 cyrus mail 4096 Jan 19 19:37 lib/imap
> >
> > ls -l lib/imap
> > total 72
> > drwx------. 2 cyrus mail 4096 Jan 20 03:35 backup
> > drwx------. 2 cyrus mail 4096 Jan 19 19:37 db
> > drwx------. 2 cyrus mail 4096 Jan 19 19:37 db.backup1
> > drwx------. 2 cyrus mail 4096 Jan 19 16:45 db.backup2
> > -rw-------. 1 cyrus mail  144 Jan 19 12:20 deliver.db
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 log
> > -rw-------. 1 root  root  144 Jan 14 07:13 mailboxes.db
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 md5
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 meta
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 msg
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 proc
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 ptclient
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 quota
> > drwx------. 2 cyrus mail 4096 Jan 19 15:29 rpm
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 sieve
> > drwxr-x---. 2 cyrus mail 4096 Jan 19 19:37 socket
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 sync
> > drwx------. 2 cyrus mail 4096 Mar 15  2012 user
> >
> > ls -ld /var/spool/imap
> > drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39 /var/spool/imap
> >
> > ls -l /var/spool/imap
> > total 8
> > drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
> > drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.
> >
> > stage. and sync. are empty
> >
> > The only possibility I see above is mailboxes.db is root:root <<<< IS THIS THE
> > PROBLEM?
> 
> mailboxes.db should be owned by cyrus user.
> 
> >
> > I assume this was created during:
> > [root at dell2600 ~]# su cyrus
> > bash-4.2$ /usr/lib/cyrus-imapd/mkimap
> >
> > Charles Bradshaw
> >
> >
> > ---------- Original Message -----------
> >
> > On: Sat, 19 Jan 2013 18:46:38 -0600, Dan wrote
> >
> >> On 01/19/13 17:51 +0000, Charles Bradshaw wrote:
> >>> I'm tying to configure cyrus-imap on a Fedora 17 system.
> >>>
> >>> cyrus-imapd version cyrus-imapd.i686 2.4.14-1.fc17
> >>>
> >>> I have sendmail and saslauthd working using DIGEST-MD5 and CRAM-MD5 working.
> >>>
> >>> I have gone through the cyrus-imap configuration procedure, but when I
try to
> >>> start the server:
> >>>
> >>> # systemctl start cyrus-imapd.service
> >>> Job failed. See system journal and 'systemctl status' for details.
> >>>
> >>> # systemctl status cyrus-imapd.service
> >>> cyrus-imapd.service - Cyrus-imapd IMAP/POP3 email server
> >>> 	  Loaded: loaded (/usr/lib/systemd/system/cyrus-imapd.service; disabled)
> >>> 	  Active: failed (Result: exit-code) since Sat, 19 Jan 2013 13:29:32 +0000;
> >>> 28s ago
> >>> 	 Process: 2049 ExecStartPre=/usr/lib/cyrus-imapd/cyr_systemd_helper start
> >>> (code=exited, status=75)
> >>> 	  CGroup: name=systemd:/system/cyrus-imapd.service
> >>>
> >>> If I start the master process manually or in debug mode:
> >>> # /usr/lib/cyrus-imapd/cyrus-master -D              (or -d)
> >>> fatal error: can't read mailboxes file
> >>> ctl_cyrusdb: unable to archive environment
> >>
> >> On 01/19/13 18:17 +0000, Charles Bradshaw wrote:
> >>> File permissions are:
> >>>
> >>> # cd /var/spool
> >>> # ls -l imap
> >>> total 8
> >>> drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 stage.
> >>> drwxr-xr-x. 2 cyrus mail 4096 Jan 19 11:39 sync.
> >>> [root at dell2600 spool]# ls -ld imap
> >>> drwxr-x---. 4 cyrus mail 4096 Jan 19 11:39 imap
> >>>
> >>> # cd /var
> >>> # ls -ld imap
> >>> drwxr-x---. 2 cyrus mail 4096 Jan 19 11:32 imap
> >>
> >> Your 'configdirectory' option in /etc/imapd.conf should point to the
> >> location of your cyrus database files, including the mailboxes database.
> >> That directory, and all files underneath it, should be owned by cyrus:mail.
> >>
> >> If permissions look correct, please provide the contents of your
> >> /etc/imapd.conf file, and a directory listing of the
> >> 'configdirectory' directory.
> >>
> >> --
> >> Dan White
> > ------- End of Original Message -------
> >
> > ----
> > Cyrus Home Page: http://www.cyrusimap.org/
> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> > To Unsubscribe:
> > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> >
------- End of Original Message -------