Creating a folder in a shared mailbox: "Permission denied"
Rainer Wiesenfarth
rainer_wiesenfarth at trimble.com
Sat May 13 20:03:15 CEST 2017

Hello gurus,

I have now been trying for half a day to create a subfolder in a shared
mailbox, but I always get the message "Permission denied".
Google and the Dovecot wiki unfortunately do not get me any further either,
so you are pretty much my last resort.

Some background: I am playing around with a Univention Corporate Server
(privately, don't let the signature confuse you :-) ), because I want to
avoid having to deal with all the details of server configuration as a
hobby admin. Univention support, however, also seems to be at a loss
(so far) with my problem at the moment:
https://help.univention.com/t/shared-folder-keine-berechtigung-fur-unterordner/5376

I would like to set up a shared mailbox with its own e-mail address that
should also have subfolders. I have cleared the first hurdle (the UCS web
interface does not set the ACLs completely). I can see the mailbox
in the folder list and can also store messages there.

But I cannot create subfolders. Here is the IMAP test:

root@client:~# openssl s_client -crlf -connect imap-server:993
CONNECTED(00000003)
...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
. login alice@example.de secret
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE
SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT
MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS
LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN
CONTEXT=SEARCH LIST-STATUS SPECIAL-USE BINARY MOVE NOTIFY QUOTA ACL
RIGHTS=texk] Logged in
. list "" "*"
...
* LIST (\HasNoChildren) "/" shared/bob@example.de
...
. OK List completed.
. myrights shared/bob@example.de
* MYRIGHTS shared/bob@example.de lrwstipekxacd
. OK Myrights completed.
. create shared/bob@example.de/test
. NO [NOPERM] Permission denied
. getacl shared/bob@example.de
* ACL shared/bob@example.de alice@example.de akxeilprwtscd
. OK Getacl completed.
. logout
* BYE Logging out
. OK Logout completed.
closed

So I do have the required rights, but the "create" fails.

What could be the cause? The access permissions on the directories seem to
be sensible (listing follows below), and so does the configuration
("doveconf -n" is also below). A debug log from Dovecot unfortunately does
not get me any further either; there is nothing usable in it.

Does anyone of you have an idea what is going wrong here? I would be
very grateful for any hints!

Regards, Rainer

PS: Access permissions and configuration:

root@imap-server:~# ls -al /var/spool/dovecot/private/example.de/alice/Maildir/shared/bob@example.de
insgesamt 12
drwx--S--- 3 dovemail dovemail 4096 Mai 12 16:16 .
drwx--S--- 4 dovemail dovemail 4096 Mai 12 16:16 ..
drwx--S--- 2 dovemail dovemail 4096 Mai 13 14:54 .INBOX
root@imap-server:~# ls -al /var/spool/dovecot/private/example.de/alice/Maildir/shared/bob@example.de/.INBOX
insgesamt 12
drwx--S--- 2 dovemail dovemail 4096 Mai 13 14:54 .
drwx--S--- 3 dovemail dovemail 4096 Mai 12 16:16 ..
-rw------- 1 dovemail dovemail 684 Mai 13 16:54 dovecot.index.pvt.log
root@imap-server:~# ls -al /var/spool/dovecot/private/example.de/bob/Maildir
insgesamt 52
drwx--S--- 5 dovemail dovemail 4096 Mai 13 15:36 .
drwx--S--- 3 dovemail dovemail 4096 Mai 13 14:31 ..
drwx--S--- 2 dovemail dovemail 4096 Mai 13 14:54 cur
-rw------- 1 dovemail dovemail 89 Mai 13 14:38 dovecot-acl
-rw------- 1 dovemail dovemail 17 Mai 13 15:36 dovecot-acl-list
-rw------- 1 dovemail dovemail 360 Mai 13 14:54 dovecot.index.cache
-rw------- 1 dovemail dovemail 1552 Mai 13 15:02 dovecot.index.log
-rw------- 1 dovemail dovemail 1836 Mai 13 15:02 dovecot.list.index.log
-rw------- 1 dovemail dovemail 51 Mai 13 14:58 dovecot-uidlist
-rw------- 1 dovemail dovemail 8 Mai 13 14:31 dovecot-uidvalidity
-r--r--r-- 1 dovemail dovemail 0 Mai 13 14:31 dovecot-uidvalidity.5916fc85
-rw------- 1 dovemail dovemail 19 Mai 13 14:54 maildirsize
drwx--S--- 2 dovemail dovemail 4096 Mai 13 14:54 new
drwx--S--- 2 dovemail dovemail 4096 Mai 13 14:54 tmp
root@imap-server:~# cat /var/spool/dovecot/private/example.de/bob/Maildir/dovecot-acl
user=alice@example.de akxeilprwts
root@imap-server:~# ls -ld /var/spool/dovecot/private/example.de/bob
drwx--S--- 3 dovemail dovemail 4096 Mai 13 14:31 /var/spool/dovecot/private/example.de/bob
root@imap-server:~# ls -ld /var/spool/dovecot/private/example.de
drwx--S--- 13 dovemail dovemail 4096 Mai 13 14:31 /var/spool/dovecot/private/example.de
root@imap-server:~# ls -ld /var/spool/dovecot/private
drwxr-s--- 5 dovemail dovemail 4096 Mai 12 14:50 /var/spool/dovecot/private
root@imap-server:~# ls -ld /var/spool/dovecot
drwxr-xr-x 4 dovemail dovemail 4096 Feb 26 20:42 /var/spool/dovecot
root@imap-server:~# doveconf -n
# 2.2.13: /etc/dovecot/dovecot.conf
# OS: Linux 4.9.0-ucs103-amd64 x86_64 Univention Corporate Server 4.2-0 errata15 (Lesum) ext4
auth_cache_negative_ttl = 1 mins
auth_cache_size = 100 k
auth_cache_ttl = 5 mins
auth_master_user_separator = *
auth_mechanisms = plain login
debug_log_path = syslog
default_client_limit = 400
default_process_limit = 400
first_valid_gid = 127
first_valid_uid = 121
info_log_path = syslog
last_valid_gid = 127
last_valid_uid = 121
mail_gid = dovemail
mail_home = /var/spool/dovecot/private/%Ld/%Ln
mail_location = maildir:/var/spool/dovecot/private/%Ld/%Ln/Maildir
mail_plugins = " acl quota"
mail_privileged_group = dovemail
mail_uid = dovemail
mailbox_list_index = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
imapflags notify
namespace {
list = children
location = maildir:%%h/Maildir:INDEXPVT=~/Maildir/shared/%%u
prefix = shared/%%u/
separator = /
subscriptions = no
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Archives {
special_use = \Archive
}
mailbox Drafts {
special_use = \Drafts
}
mailbox Entw&APw-rfe {
special_use = \Drafts
}
mailbox "Gel&APY-schte Elemente" {
special_use = \Trash
}
mailbox Gesendet {
special_use = \Sent
}
mailbox "Gesendete Elemente" {
special_use = \Sent
}
mailbox Ham {
auto = subscribe
}
mailbox Junk-E-Mail {
special_use = \Junk
}
mailbox Junk {
special_use = \Junk
}
mailbox Papierkorb {
special_use = \Trash
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
special_use = \Trash
}
prefix =
separator = /
type = private
}
namespace public@local {
list = children
location = maildir:/var/spool/dovecot/public/local/public:INDEXPVT=~/Maildir/public/local/public
prefix = public@local/
separator = /
subscriptions = no
type = public
}
passdb {
args = /etc/dovecot/master-users
driver = passwd-file
master = yes
}
passdb {
args = cache_key=%Lu dovecot
driver = pam
}
plugin {
acl = vfile
acl_anyone = allow
acl_shared_dict = file:/var/lib/dovecot/shared-mailboxes
quota = maildir:User quota
quota_grace = 10%%
quota_rule = *:storage=0
quota_rule2 = Trash:storage=+100M
quota_status_nouser = DUNNO
quota_status_overquota = 552 5.2.2 Mailbox is full
quota_status_success = DUNNO
quota_warning = storage=95%% quota-warning 95 %Lu
quota_warning2 = storage=80%% quota-warning 80 %Lu
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_extensions = +notify +imapflags
sieve_global_dir = /var/lib/dovecot/sieve
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
protocols = " imap lmtp sieve pop3"
service anvil {
client_limit = 1603
}
service auth {
client_limit = 2000
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
}
service imap-login {
client_limit = 400
process_min_avail = 0
service_count = 1
vsz_limit = 256 M
}
service imap-postlogin {
executable = script-login /usr/lib/dovecot/dovecot-postlogin.py
user = $default_internal_user
}
service imap {
executable = imap imap-postlogin
process_limit = 400
vsz_limit = 256 M
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
address =
port = 4190
}
process_min_avail = 0
service_count = 1
vsz_limit = 256 M
}
service managesieve {
process_limit = 400
}
service pop3-login {
client_limit = 400
process_min_avail = 0
service_count = 1
vsz_limit = 256 M
}
service pop3 {
executable = pop3 imap-postlogin
process_limit = 400
vsz_limit = 256 M
}
service quota-status {
client_limit = 1
executable = quota-status -p postfix
inet_listener {
address = 127.0.0.1
port = 12340
}
}
service quota-warning {
executable = script /usr/lib/dovecot/quota-warning.sh
unix_listener quota-warning {
user = dovemail
}
user = dovemail
}
ssl_cert = </etc/univention/ssl/imap-server.example.de/cert.pem
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh_parameters_length = 2048
ssl_key = </etc/univention/ssl/imap-server.example.de/private.key
ssl_parameters_regenerate = 1 weeks
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
syslog_facility = local5
userdb {
args = /etc/dovecot/dovecot-ldap.conf.ext
driver = ldap
}
protocol lmtp {
mail_plugins = " acl quota quota sieve"
}
protocol lda {
mail_plugins = " acl quota sieve"
}
protocol imap {
mail_plugins = " acl quota imap_acl imap_quota"
}
protocol sieve {
mail_max_userip_connections = 10
}
--
Software Engineer | Trimble Imaging Division
Rotebühlstraße 81 | 70178 Stuttgart | Germany
Office +49 711 22881 0 | Fax +49 711 22881 11
http://www.trimble.com/imaging/ | http://www.inpho.de/
Trimble Germany GmbH, Am Prime Parc 11, 65479 Raunheim
Registered at Amtsgericht Darmstadt under HRB 83893,
Managing Directors: Dr. Frank Heimberg, Jürgen Kesper
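
Added example, not part of the original post: a small Python check that parses the MYRIGHTS and ACL responses and the dovecot-acl line quoted above and compares them under RFC 4314, where "c" and "d" are virtual rights the server reports for older clients. The three input lines are copied from the post with the archive's " at " restored to "@"; all function names are hypothetical.

```python
"""Compare rights reported over IMAP with the dovecot-acl file (RFC 4314)."""

# Real RFC 4314 rights and what each one permits.
RIGHTS = {"l": "lookup", "r": "read", "s": "keep seen flag", "w": "write flags",
          "i": "insert", "p": "post", "k": "create child mailboxes",
          "x": "delete mailbox", "t": "delete messages", "e": "expunge",
          "a": "administer"}
# Obsolete RFC 2086 letters, reported when any member right is granted.
VIRTUAL = {"c": "kx", "d": "etx"}

# Lines from the post (only the "@" restored).
MYRIGHTS_LINE = "* MYRIGHTS shared/bob@example.de lrwstipekxacd"
ACL_LINE = "* ACL shared/bob@example.de alice@example.de akxeilprwtscd"
VFILE_LINE = "user=alice@example.de akxeilprwts"

def real_rights(letters):
    """Return the real rights in a rights string, rejecting unknown letters."""
    unknown = set(letters) - set(RIGHTS) - set(VIRTUAL)
    if unknown:
        raise ValueError(f"unknown rights: {sorted(unknown)}")
    return set(letters) & set(RIGHTS)

def reported_form(real):
    """Letters a server reports for these rights, virtual c/d included."""
    return set(real) | {v for v, m in VIRTUAL.items() if set(m) & set(real)}

def parse_myrights(line):
    tag, word, mailbox, letters = line.split()
    if (tag, word) != ("*", "MYRIGHTS"):
        raise ValueError("not a MYRIGHTS response")
    return mailbox, real_rights(letters)

def parse_acl(line):
    parts = line.split()  # "* ACL <mailbox>" followed by identifier/rights pairs
    if parts[:2] != ["*", "ACL"] or len(parts) % 2 == 0:
        raise ValueError("not an ACL response")
    pairs = parts[3:]
    return parts[2], {pairs[i]: real_rights(pairs[i + 1])
                      for i in range(0, len(pairs), 2)}

def parse_vfile(line):
    """Parse a 'user=<name> <letters>' line (single-letter rights form only)."""
    ident, letters = line.split()
    kind, _, name = ident.partition("=")
    return kind, name, real_rights(letters)

def diagnose():
    mailbox, mine = parse_myrights(MYRIGHTS_LINE)
    _, acl = parse_acl(ACL_LINE)
    _, user, on_disk = parse_vfile(VFILE_LINE)
    return {"mailbox": mailbox, "has_create_right": "k" in mine,
            "file_matches_getacl": on_disk == acl[user],
            "myrights_matches_getacl": mine == acl[user],
            "expected_getacl": "".join(sorted(reported_form(on_disk)))}
```

Once "c" and "d" are treated as virtual, the file, GETACL and MYRIGHTS all describe the same rights and include "k", so the difference between `akxeilprwts` and `akxeilprwtscd` does not by itself explain the NOPERM.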