# [solved] courier-imap chdir $MAILDIR permission denied error

## Thiemo

The symptom of the problem is that I cannot access mail of virtual users. This first post contains bits of a short conversation with Seather who is helping me. Thank you Seather.

I followed Gentoo's virtual mail server guide as of August 2004 (seems to be outdated) as far as it seemed sensible to me.

- postfix is working well, I receive e-mail for linux account users and virtual users; I could prove it by seeing the files in the respective maildirs

- imap access works for linux account users only

- imap access does NOT work for VIRTUAL users

- main domain: thiam.ch

- virtual domain (for the virtual users): hace-fadi-smezza.ch

- courier-imap 3.0.2 (latest ebuild would be 3.0.5)

- postfix 2.1.3

- mysql 4.0.20

- mailman 2.1.5-r2

Procedure I use to reproduce the error:

- start kmail (imap account for the virtual user is already defined)

- immediately there is the kmail error message: 

```
Verbindung zu Rechner imap.thiam.ch ist unterbrochen
```

 that is in a kind of English: 

```
connection to computer imap.thiam.ch was disconnected
```

- log messages of /var/log/mail/current: 

```
Aug 29 01:31:43 [imapd-ssl] Connection, ip=[::ffff:192.168.0.249]
Aug 29 01:31:43 [imapd-ssl] LOGIN: DEBUG: ip=[::ffff:192.168.0.249], command=CAPABILITY
Aug 29 01:31:43 [imapd-ssl] LOGIN: DEBUG: ip=[::ffff:192.168.0.249], command=AUTHENTICATE
Aug 29 01:31:43 [imapd-ssl] chdir /home/vmail/hace-fadi-smezza.ch/thiemo/Maildir/: Permission denied
```

File system permissions:

```
nyffeltrach mysql # l /home/vmail/
insgesamt 2
drwxr-xr-x   3 vmail vmail  88 25. Aug 23:47 .
drwxr-xr-x  10 root  root  264 22. Aug 15:12 ..
drwx------   3 vmail vmail  72 25. Aug 23:47 hace-fadi-smezza.ch

nyffeltrach mysql # l /home/vmail/hace-fadi-smezza.ch/thiemo/
insgesamt 2
drwx------  3 vmail vmail  72 28. Aug 03:12 .
drwx------  3 vmail vmail  72 25. Aug 23:47 ..
drwx------  5 vmail vmail 120 25. Aug 23:47 Maildir

nyffeltrach mysql # l /home/vmail/hace-fadi-smezza.ch/thiemo/Maildir/
insgesamt 3
drwx------  5 vmail vmail 120 25. Aug 23:47 .
drwx------  3 vmail vmail  72 28. Aug 03:12 ..
drwx------  2 vmail vmail  48 25. Aug 23:47 cur
drwx------  2 vmail vmail 432 26. Aug 14:52 new
drwx------  2 vmail vmail  48 26. Aug 14:52 tmp
```

- I assume it would work if I could make courier-imap access virtual user mail directories as linux user vmail, but I am not sure and have no idea how to do it.

- I tried to figure out which linux user courier-imap uses to access virtual user maildirs. I was not successful.

- I changed file system permissions on virtual maildir to 777 but it still didn't work!

 *Seather wrote:*   

> I am going to assume that you followed the gentoo-virt-mail howto as well. Correct?

 

Yes. This is correct. However, I am afraid this document is a bit outdated. I didn't stick to it strictly.

 *Seather wrote:*   

> If you could add your main.cf it would be useful too!

 

I don't quite believe this is of use with my problem but here you go. Btw, I put some more conf files below:

main.cf (most comments removed)

```
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
mail_owner = postfix
unknown_local_recipient_reject_code = 550
debug_peer_level = 2
debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         xxgdb $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /etc/postfix
readme_directory = /usr/share/doc/postfix-2.1.3/readme
default_destination_concurrency_limit = 2
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
home_mailbox = .maildir/
default_destination_concurrency_limit = 10
alias_database = hash:/etc/mail/aliases
local_destination_concurrency_limit = 2
alias_maps = hash:/etc/mail/aliases
masquerade_domains=thiam.ch
masquerade_exceptions=root
myorigin = thiam.ch
mydestination = thiam.ch nyffeltrach.thiam.ch localhost.thiam.ch localhost
myhostname = nyffeltrach.thiam.ch
mynetworks = 127.0.0.0/8 192.168.0.0/24
recipient_delimiter = +
smtpd_banner = $myhostname ESMTP $mail_name $mail_version (Gentoo)
content_filter = vscan:
mailbox_command = procmail -a "$EXTENSION"
home_mailbox = Maildir/
smtpd_sasl_auth_enable = yes
smtpd_sasl2_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_local_domain =
smtpd_recipient_restrictions =
  # blocks unknown sender domains
  # blocks senders without an FQDN
  # allows my networks to use this server as a relay
        permit_mynetworks,
  # enables authentication via SMTP-Auth
        permit_sasl_authenticated,
  # allows mail via this server as a mail relay according to DNS MX data
  # relay check
        reject_unauth_destination
  # checks for blocked senders
        #check_sender_access hash:/etc/postfix/sender_access,
  # checks for blocked recipients
        #check_recipient_access hash:/etc/postfix/recipient_access,
  # default: forbidden
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/certs/server_cert.pem
smtpd_tls_key_file = /etc/postfix/certs/server_key.pem
smtpd_tls_CAfile = /root/CA-thiam.ch/cacert.pem
smtpd_tls_loglevel = 3
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
message_size_limit = 26214400
alias_maps = hash:/etc/mail/aliases, mysql:/etc/postfix/mysql-aliases.cf
local_recipient_maps = $alias_maps $virtual_mailbox_maps unix:passwd.byname
local_transport = local
owner_request_special = no
relay_domains = $mydestination
relocated_maps = mysql:/etc/postfix/mysql-relocated.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf
virtual_gid_maps = static:11000
virtual_mailbox_base = /
virtual_mailbox_domains = hace-fadi-smezza.ch
virtual_mailbox_limit = 52428800
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-maps.cf
virtual_minimum_uid = 1000
virtual_uid_maps = static:11000
virtual_transport = virtual
```

authdaemond.conf (comments removed)

```
AUTHDAEMOND="authdaemond.mysql"
```

authdaemonrc (comments removed)

```
authmodulelist="authmysql authpam"
authmodulelistorig="authcustom authcram authuserdb authpgsql authmysql authpam"
daemons=5
version=""
authdaemonvar=/var/lib/courier-imap/authdaemon
```

authmysqlrc (comments removed)

```
MYSQL_SERVER            localhost
MYSQL_USERNAME          mailsql
MYSQL_PASSWORD          sorry_but_this_is_not_the_real_password ;-)
MYSQL_PORT              0
MYSQL_OPT               0
MYSQL_DATABASE          mailsql
MYSQL_USER_TABLE        users
MYSQL_CLEAR_PWFIELD     clear
MYSQL_UID_FIELD         uid
MYSQL_GID_FIELD         gid
MYSQL_LOGIN_FIELD       email
MYSQL_HOME_FIELD        homedir
MYSQL_NAME_FIELD        name
MYSQL_MAILDIR_FIELD     maildir
```

imapd

```
ADDRESS=0
PORT=143
MAXDAEMONS=40
MAXPERIP=4
PIDFILE=/var/run/imapd.pid
TCPDOPTS="-nodnslookup -noidentlookup"
AUTHMODULES="authdaemon"
AUTHMODULES_ORIG="authdaemon"
DEBUG_LOGIN=2
IMAP_CAPABILITY="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE"
IMAP_KEYWORDS=1
IMAP_CAPABILITY_ORIG="IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA AUTH=CRAM-MD5 AUTH=CRAM-SHA1 IDLE"
IMAP_IDLE_TIMEOUT=60
IMAP_CAPABILITY_TLS="$IMAP_CAPABILITY AUTH=PLAIN"
IMAP_CAPABILITY_TLS_ORIG="$IMAP_CAPABILITY_ORIG AUTH=PLAIN"
IMAP_DISABLETHREADSORT=0
IMAP_CHECK_ALL_FOLDERS=0
IMAP_OBSOLETE_CLIENT=0
IMAP_ULIMITD=65536
IMAP_USELOCKS=0
IMAP_ENHANCEDIDLE=0
IMAP_TRASHFOLDERNAME=Trash
IMAP_EMPTYTRASH=Trash:7
IMAP_MOVE_EXPUNGE_TO_TRASH=0
SENDMAIL=/usr/sbin/sendmail
HEADERFROM=X-IMAP-Sender
IMAPDSTART=NO
MAILDIR=.maildir
PRERUN=
PORT=143,993
MAXPERIP=60
MAILDIR=Maildir
```

mysql -u mailsql -p mailsql

```
mysql> select * from users;
+----+----------------------------+------------------------+-------------------+------+------+--------------+-------------------------------------------------+-------+---------+
| id | email                      | clear                  | name              | uid  | gid  | homedir      | maildir                                         | quota | postfix |
+----+----------------------------+------------------------+-------------------+------+------+--------------+-------------------------------------------------+-------+---------+
|  1 | thiemo@thiam.ch            | you_d_like_to_know ;-) | local user thiemo | 1000 |  500 | /home/thiemo | /home/thiemo/Maildir/                           |       | y       |
|  2 | thiemo@hace-fadi-smezza.ch | you_d_like_to_know ;-) | User thiemo       | 1101 | 1101 | /home/vmail  | /home/vmail/hace-fadi-smezza.ch/thiemo/Maildir/ |       | y       |
+----+----------------------------+------------------------+-------------------+------+------+--------------+-------------------------------------------------+-------+---------+
```

```
mysql> select * from transport;
+----+---------------------+-------------+
| id | domain              | destination |
+----+---------------------+-------------+
|  1 | thiam.ch            | local:      |
|  2 | hace-fadi-smezza.ch | virtual:    |
+----+---------------------+-------------+
```

```
mysql> select * from alias;
+----+------------+-----------------+
| id | alias      | destination     |
+----+------------+-----------------+
|  1 | root       | thiemo@thiam.ch |
|  2 | postmaster | thiemo@thiam.ch |
+----+------------+-----------------+
```

Tables "virtual" and "relocated" are empty.

Cheers and kind regards

Thiemo

----------

## kaidon

What are the uid/gid of your vmail user?

There seems to be a mess with those.

In your main.cf you have:

```
virtual_gid_maps = static:11000
virtual_uid_maps = static:11000
```

But in your mysql table you have: (for thiemo@hace-fadi-smezza.ch)

```
uid: 1101
gid: 1101
```

My guess is that 11000/11000 is correct. Since you defined these static in main.cf, that would explain why postfix can deliver mail.

But Courier-imap gets the uid/gid out of the mysql users table, which seem to be wrong. Ergo "Permission denied".

Either change uid/gid in your mysql users table or also make them static for courier-imap by changing your authmysqlrc to: (the quotes are _required_)

```
MYSQL_UID_FIELD         '11000'
MYSQL_GID_FIELD         '11000'
```

ATTENTION: update your courier-imap.

http://www.gentoo.org/security/en/glsa/glsa-200408-19.xml

hth

cheers

k

btw: best regards from the Bündnerland to the Unterland  :Wink: 

----------

## Thiemo

 *kaidon wrote:*   

> What are the uid/gid of your vmail user?
> 
> There seems to be a mess with those.
> 
> In your main.cf you have:
> ...

 

Oops!  :Shocked: 

You are perfectly right. I changed the ids in the database to 11000 (each) and now it works perfectly well.  :Laughing: 

 *kaidon wrote:*   

> ATTENTION: update your courier-imap.
> 
> http://www.gentoo.org/security/en/glsa/glsa-200408-19.xml

 

Already doing that in the background.

 *kaidon wrote:*   

> btw: best regards from the Bündnerland to the Unterland 

 

Thanks. Kind regards too from Winti to the Bündnerland.  :Cool: 

----------

## kiksen

Wonderful insight ... made that exact oops myself  :Embarassed:  , but now it works  :Cool: 

----------

## dkaplowitz

Hello,

Thanks for this thread. It helped me get past a block in my configuration. I see that the gid/uid of a virtual user's uid in the MySQL table should correspond to what's set in virtual_gid_maps/virtual_uid_maps (though I haven't yet tested virtual user access), but that a local user's gid/uid in MySQL should correspond to his local uid on the system, since I was having problems logging in to squirrelmail with a local user with a local uid of 1001.

Cheers,

Dave

----------
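The mismatch diagnosed in this thread can be checked mechanically. The following is an added example, not code from any post or from the Postfix or Courier projects: it compares a virtual user's uid/gid from the users table with the `static:` values in main.cf, then walks the maildir path to find the first directory that uid cannot search, since `chdir` needs the x bit on every component. The function names, the sample data, vmail being 11000:11000 and the mode of `/` are assumptions; only the primary gid is considered, and ACLs and root are not handled.

```python
import os
import re
import stat as st_mod
from types import SimpleNamespace

def static_id(main_cf, param):
    """N from 'param = static:N' in main.cf text; the last assignment wins."""
    found = None
    for line in main_cf.splitlines():
        m = re.match(rf"{re.escape(param)}\s*=\s*static:(\d+)\s*$", line)
        if m:
            found = int(m.group(1))
    return found

def first_blocked(path, uid, gid, stat=os.stat):
    """First directory on path that uid/gid may not search (x bit), else None."""
    parts = [p for p in path.split("/") if p]
    for i in range(len(parts) + 1):
        current = "/" + "/".join(parts[:i])
        s = stat(current)
        # The owner class takes precedence over group, and group over other.
        bit = (st_mod.S_IXUSR if s.st_uid == uid
               else st_mod.S_IXGRP if s.st_gid == gid else st_mod.S_IXOTH)
        if not s.st_mode & bit:
            return current
    return None

def audit(main_cf, row, stat=os.stat):
    """row = (email, uid, gid, maildir) of a virtual user, as stored in the users table."""
    email, uid, gid, maildir = row
    want = (static_id(main_cf, "virtual_uid_maps"), static_id(main_cf, "virtual_gid_maps"))
    findings = []
    if (uid, gid) != want:
        findings.append(f"{email}: table has {uid}:{gid}, Postfix uses {want[0]}:{want[1]}")
    blocked = first_blocked(maildir, uid, gid, stat)
    if blocked:
        findings.append(f"{email}: uid {uid} cannot enter {blocked}")
    return findings

# Constructed sample: main.cf excerpt plus the directory modes from the listing in the
# thread; vmail = 11000:11000 and the mode of "/" are assumptions.
MAIN_CF = "virtual_gid_maps = static:11000\nvirtual_uid_maps = static:11000\n"
def _dir(uid, gid, mode):
    return SimpleNamespace(st_uid=uid, st_gid=gid, st_mode=st_mod.S_IFDIR | mode)
BASE = "/home/vmail/hace-fadi-smezza.ch"
FAKE_FS = {"/": _dir(0, 0, 0o755), "/home": _dir(0, 0, 0o755), "/home/vmail": _dir(11000, 11000, 0o755)}
FAKE_FS.update({p: _dir(11000, 11000, 0o700) for p in (BASE, BASE + "/thiemo", BASE + "/thiemo/Maildir")})
```

On a live system, call `audit()` with the real main.cf text and one row per virtual user, leaving `stat` at its default; rows for local accounts should instead be compared with the system uid/gid, as the last post describes.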

