Mailinglist Archive: opensuse-bugs (2150 mails)

< Previous Next >
[Bug 874094] New: Dovecot passwd-file authentication and AppArmor
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Thu, 17 Apr 2014 07:19:21 +0000
  • Message-id: <>

Summary: Dovecot passwd-file authentication and AppArmor
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
AssignedTo: suse-beta@xxxxxxxxx
ReportedBy: neocube216@xxxxxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101

No profile for dovecot's passwd-file in apparmor.

Reproducible: Always

Steps to Reproduce:
I have opensuse 13.1 and package dovecot21-2.1.17-2.1.2.x86_64, whole system
I use virtual users and passwd-file authentication, this is output dovecot -n:
# 2.1.17: /etc/dovecot/dovecot.conf
# OS: Linux 3.11.10-7-desktop x86_64 openSUSE 13.1 (x86_64)
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 999
first_valid_uid = 999
last_valid_gid = 999
last_valid_uid = 999
mail_location = maildir:~
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date ihave
passdb {
args = /etc/dovecot/vpasswd
driver = passwd-file
pop3_uidl_format = %g
protocols = imap pop3
ssl = no
userdb {
args = uid=vmail gid=vmail home=/var/spool/mail/%u
driver = static
User 999 and group 999 is vmail. Here is content my vpasswd file (only for
I set these Permissions:
-r-------- 1 dovecot root ... vpasswd
Test over telnet:
telnet localhost 110
Trying ::1...
Connected to localhost.
Escape character is '^]'.
+OK Dovecot ready.
USER user1@xxxxxxxxxxx
PASS password
-ERR Authentication failed.

Actual Results:
In mail log is this error:
dovecot: auth: Error: passwd-file /etc/dovecot/vpasswd:
open(/etc/dovecot/vpasswd) failed: Permission denied (euid=482(dovecot)
egid=479(dovecot) missing +w perm: /etc/dovecot/vpasswd, dir owned by 0:0
dovecot: auth:
passwd-file(user1@xxxxxxxxxxx,::1,<C8+XuiP38wAAAAAAAAAAAAAAAAAAAAAB>): no
passwd file: /etc/dovecot/vpasswd

Expected Results:
Authentication in telnet:
+OK Logged in.
in mail log:
dovecot: pop3-login: Login: user=<user1@xxxxxxxxxxx>, method=PLAIN, rip=::1,
lip=::1, mpid=6125, secured, session=<jGl6zzf3TwAAAAAAAAAAAAAAAAAAAAAB>

Problem is IMHO in AppArmor, repair:
Into file:
add row:
/etc/dovecot/vpasswd r,
and then it works properly!

Configure bugmail:
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >
Follow Ups