https://bugzilla.novell.com/show_bug.cgi?id=874094 https://bugzilla.novell.com/show_bug.cgi?id=874094#c0 Summary: Dovecot passwd-file authentication and AppArmor Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: openSUSE 13.1 Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: suse-beta@cboltz.de ReportedBy: neocube216@gmail.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 No profile for dovecot's passwd-file in apparmor. Reproducible: Always Steps to Reproduce: I have opensuse 13.1 and package dovecot21-2.1.17-2.1.2.x86_64, whole system updated. I use virtual users and passwd-file authentication, this is output dovecot -n: <pre> # 2.1.17: /etc/dovecot/dovecot.conf # OS: Linux 3.11.10-7-desktop x86_64 openSUSE 13.1 (x86_64) auth_mechanisms = plain login auth_verbose = yes disable_plaintext_auth = no first_valid_gid = 999 first_valid_uid = 999 last_valid_gid = 999 last_valid_uid = 999 mail_location = maildir:~ managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave passdb { args = /etc/dovecot/vpasswd driver = passwd-file } pop3_uidl_format = %g protocols = imap pop3 ssl = no userdb { args = uid=vmail gid=vmail home=/var/spool/mail/%u driver = static } </pre> User 999 and group 999 is vmail. Here is content my vpasswd file (only for test): <pre> user1@example.org:{PLAIN}password </pre> I set these Permissions: <pre> -r-------- 1 dovecot root ... vpasswd </pre> Test over telnet: <pre> telnet localhost 110 Trying ::1... Connected to localhost. Escape character is '^]'. +OK Dovecot ready. USER user1@example.org +OK PASS password -ERR Authentication failed. </pre> Actual Results: In mail log is this error: <pre> dovecot: auth: Error: passwd-file /etc/dovecot/vpasswd: open(/etc/dovecot/vpasswd) failed: Permission denied (euid=482(dovecot) egid=479(dovecot) missing +w perm: /etc/dovecot/vpasswd, dir owned by 0:0 mode=0755) dovecot: auth: passwd-file(user1@example.org,::1,): no passwd file: /etc/dovecot/vpasswd </pre> Expected Results: Authentication in telnet: <pre> +OK Logged in. </pre> in mail log: <pre> dovecot: pop3-login: Login: user=, method=PLAIN, rip=::1, lip=::1, mpid=6125, secured, session=<jGl6zzf3TwAAAAAAAAAAAAAAAAAAAAAB> </pre> Problem is IMHO in AppArmor, repair: Into file: <pre> /etc/apparmor.d/local/usr.lib.dovecot.auth: </pre> add row: <pre> /etc/dovecot/vpasswd r, </pre> and then it works properly! -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.