Results 1 to 8 of 8

Thread: Endless permissions problems

  1. #1
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default Endless permissions problems

    Server has been running without changes.
    Updated to Release 8.0.5_GA_5839.RHEL6_64_20130910123908 RHEL6_64 FOSS edition.
    after problem started, still the same.
    Server seems to be running fine, but some users complain that their ZWC is bahaving starnge, showing mails in inbox (10) but no mail visible.
    Below is some more info, I searched and tried everything I could find relating to this, but no luck yet.
    Any other pointers I might try?

    zmfixperms --extended
    restarted zimbra
    checked /etc/sudoers
    /opt/zimbra/postfix/sbin/postqueue did not have Set-GID set, set now, restarted, not change.

    [zimbra@mail root]$ postqueue -p
    postqueue: fatal: Connect to the Postfix showq service: Permission denied


    [root@mail ~]# ls -ld /opt/zimbra/postfix/sbin/postqueue /opt/zimbra/data/postfix/spool/public/* /opt/zimbra/data/postfix/spool/maildrop
    drwx-wx---. 2 postfix postdrop 12288 Oct 4 12:53 /opt/zimbra/data/postfix/spool/maildrop
    srw-rw-rw- 1 postfix postfix 0 Oct 4 12:41 /opt/zimbra/data/postfix/spool/public/cleanup
    srw-rw-rw- 1 postfix postfix 0 Oct 4 12:41 /opt/zimbra/data/postfix/spool/public/flush
    srw-rw-rw- 1 postfix postfix 0 Oct 4 12:41 /opt/zimbra/data/postfix/spool/public/pickup
    srw-rw-rw- 1 postfix postfix 0 Oct 4 12:41 /opt/zimbra/data/postfix/spool/public/qmgr
    srw-rw-rw- 1 postfix postfix 0 Oct 4 12:41 /opt/zimbra/data/postfix/spool/public/showq
    -rwxr-xr-x 1 root postdrop 892368 Jul 6 02:14 /opt/zimbra/postfix/sbin/postqueue


    Don't know why it's complaining about starting running everything in root?
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmamavisdctl: (Cannot run program "/opt/zimbra/bin/zmamavisdctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmclamdctl: (Cannot run program "/opt/zimbra/bin/zmclamdctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/ldap: (Cannot run program "/opt/zimbra/bin/ldap" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmloggerctl: (Cannot run program "/opt/zimbra/bin/zmloggerctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmstorectl: (Cannot run program "/opt/zimbra/bin/zmstorectl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmmailboxdctl: (Cannot run program "/opt/zimbra/bin/zmmailboxdctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmmtactl: (Cannot run program "/opt/zimbra/bin/zmmtactl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmopendkimctl: (Cannot run program "/opt/zimbra/bin/zmopendkimctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmsaslauthdctl: (Cannot run program "/opt/zimbra/bin/zmsaslauthdctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmswatchctl: (Cannot run program "/opt/zimbra/bin/zmswatchctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmspellctl: (Cannot run program "/opt/zimbra/bin/zmspellctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmstatctl: (Cannot run program "/opt/zimbra/bin/zmstatctl" (in directory "/root"): error=13, Permission denied)
    Oct 4 13:20:26 mail zmconfigd[32185]: Exception in bin/zmclamdctl: (Cannot run program "/opt/zimbra/bin/zmclamdctl" (in directory "/root"): error=13, Permission denied)

    Oct 4 13:20:30 mail postfix/postqueue[4288]: fatal: Connect to the Postfix showq service: Permission denied

  2. #2
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    [root@mail ~]# cat /etc/fstab

    #
    # /etc/fstab
    # Created by anaconda on Mon Mar 18 15:02:51 2013
    #
    # Accessible filesystems, by reference, are maintained under '/dev/disk'
    # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
    #
    /dev/mapper/vg_mail-lv_root / ext4 defaults 1 1
    UUID=9b00e9db-ab06-4cbf-b1a7-e87c1e0c6c0e /boot ext4 defaults 1 2
    /dev/mapper/vg_mail-lv_home /opt ext4 defaults 1 2
    /dev/mapper/vg_mail-lv_swap swap swap defaults 0 0
    tmpfs /dev/shm tmpfs defaults 0 0
    devpts /dev/pts devpts gid=5,mode=620 0 0
    sysfs /sys sysfs defaults 0 0
    proc /proc proc defaults 0 0

  3. #3
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Also in logs:
    Code:
    Oct  4 18:40:02 mail postfix/sendmail[2354]: warning: the Postfix sendmail command has set-uid root file permissions
    Oct  4 18:40:02 mail postfix/sendmail[2354]: warning: or the command is run from a set-uid root process
    Oct  4 18:40:02 mail postfix/sendmail[2354]: warning: the Postfix sendmail command must be installed without set-uid root file permissions
    But:
    Code:
    [root@mail ~]# ls -ld /opt/zimbra/postfix/sbin/*
    lrwxrwxrwx 1 root root          54 Oct  4 10:29 /opt/zimbra/postfix/sbin/mailq -> ../../../../opt/zimbra/postfix-2.10.1.2z/sbin/sendmail
    lrwxrwxrwx 1 root root          54 Oct  4 10:29 /opt/zimbra/postfix/sbin/newaliases -> ../../../../opt/zimbra/postfix-2.10.1.2z/sbin/sendmail
    -rwxr-xr-x 1 root root      875892 Jul  6 02:14 /opt/zimbra/postfix/sbin/postalias
    -rwxr-xr-x 1 root root      455028 Jul  6 02:14 /opt/zimbra/postfix/sbin/postcat
    -rwxr-xr-x 1 root root     1084249 Jul  6 02:14 /opt/zimbra/postfix/sbin/postconf
    -rwxr-sr-x 1 root postdrop  765510 Jul  6 02:14 /opt/zimbra/postfix/sbin/postdrop
    -rwxr-xr-x 1 root root      407008 Jul  6 02:14 /opt/zimbra/postfix/sbin/postfix
    -rwxr-xr-x 1 root root      445761 Jul  6 02:14 /opt/zimbra/postfix/sbin/postkick
    -rwxr-xr-x 1 root root      433225 Jul  6 02:14 /opt/zimbra/postfix/sbin/postlock
    -rwxr-xr-x 1 root root      413017 Jul  6 02:14 /opt/zimbra/postfix/sbin/postlog
    -rwxr-xr-x 1 root root      875533 Jul  6 02:14 /opt/zimbra/postfix/sbin/postmap
    -rwxr-xr-x 1 root root      463653 Jul  6 02:14 /opt/zimbra/postfix/sbin/postmulti
    -rwxr-sr-x 1 root postdrop  892368 Jul  6 02:14 /opt/zimbra/postfix/sbin/postqueue
    -rwxr-xr-x 1 root root      478927 Jul  6 02:14 /opt/zimbra/postfix/sbin/postsuper
    -rwxr-xr-x 1 root root       12881 Jul  6 02:14 /opt/zimbra/postfix/sbin/qshape.pl
    -rwxrwxr-x 1 root root      863088 Jul  6 02:14 /opt/zimbra/postfix/sbin/sendmail
    Last edited by phoenix; 10-04-2013 at 10:04 AM.

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    It makes your posts more readable if you put code tags around the output from a konsole session.

    Quote Originally Posted by ekkas View Post
    Also in logs:
    Code:
    Oct  4 18:40:02 mail postfix/sendmail[2354]: warning: the Postfix sendmail command has set-uid root file permissions
    Oct  4 18:40:02 mail postfix/sendmail[2354]: warning: or the command is run from a set-uid root process
    Oct  4 18:40:02 mail postfix/sendmail[2354]: warning: the Postfix sendmail command must be installed without set-uid root file permissions
    They are just that, warnings - they can be ignored as they cause no problems to your server.

    As far as your first post is concerned did you look at any of the forum threads that cover the permission problem to see if they had any answer?
    Last edited by phoenix; 02-03-2014 at 12:46 AM.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Thank you for your reply.
    As far as your first post is concerned did you look at any of the forum threads that cover the permission problem to see if they had any answer?
    Yes I did, the only one I found and did not check was:
    Seems pretty clear to me then. There's an issue with either the keystore password, or the permissions on the keystore. You'll need to fix that.
    Although LDAP is fine, MySQL is fine, hosts, DNS, and all other usual suspects are fine.
    Never had this before.
    [zimbra@mail ~]$ mailq
    postqueue: fatal: Connect to the Postfix showq service: Permission denied
    [zimbra@mail ~]$ postqueue -p
    postqueue: fatal: Connect to the Postfix showq service: Permission denied

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,470
    Rep Power
    56

    Default

    I've just realised that your display of permissions has a slight difference to mine, the last entry for postqueue has set group ID (SGID) (everything else is OK) rather than the ones yours shows. Here's the output from my server:

    Code:
    ls -ld /opt/zimbra/postfix/sbin/postqueue /opt/zimbra/data/postfix/spool/public/* /opt/zimbra/data/postfix/spool/maildrop
    drwx-wx--- 2 postfix postdrop   4096 Sep 29 18:21 /opt/zimbra/data/postfix/spool/maildrop
    srw-rw-rw- 1 postfix postfix       0 Sep 22 21:00 /opt/zimbra/data/postfix/spool/public/cleanup
    srw-rw-rw- 1 postfix postfix       0 Sep 22 21:00 /opt/zimbra/data/postfix/spool/public/flush
    srw-rw-rw- 1 postfix postfix       0 Sep 22 21:00 /opt/zimbra/data/postfix/spool/public/pickup
    srw-rw-rw- 1 postfix postfix       0 Sep 22 21:00 /opt/zimbra/data/postfix/spool/public/qmgr
    srw-rw-rw- 1 postfix postfix       0 Sep 22 21:00 /opt/zimbra/data/postfix/spool/public/showq
    -rwxr-sr-x 1 root    postdrop 892368 Jul  6 02:14 /opt/zimbra/postfix/sbin/postqueue
    Try running zmfixperms again to see if that fixes it, if it doesn't then manually change it and if that works - if it does can you please file a bug report.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Thanks for that,
    the last entry for postqueue has set group ID (SGID)
    I eagerly changed it manually before realizing your intent.
    However even after a server reboot, the problem remains:
    [zimbra@mail ~]$ mailq
    postqueue: fatal: Connect to the Postfix showq service: Permission denied
    [zimbra@mail ~]$ postqueue -p
    postqueue: fatal: Connect to the Postfix showq service: Permission denied
    [zimbra@mail ~]$
    I'm busy preparing a new VM to do a raw '32-64 bit' style transfer and hope it will fix it if I don't get it resolved soon.

  8. #8
    ekkas is offline Special Member
    Join Date
    Feb 2010
    Location
    South Africa
    Posts
    107
    Rep Power
    5

    Default

    Well I did the 32-64 bit style transfer and it worked. For a week.
    Now the problem have returned. We have had no power failures (big UPS's), no other issues.
    Zimbra run alone as a KVM VM on an I7 with 6GB RAM and 4 CPUs dedicated, host server has no issues and performance is great.

    I cannot understand how, with noone touching the box, these permission problems can just appear.
    I cannot re-do the whole server every week so I really need to drill down what the cause of this is.
    Any help would be appreciated.
    All logs/errors are same as above:
    from zimbra.log
    Oct 9 09:55:30 mail postfix/postqueue[14720]: fatal: Queue report unavailable - mail system is down

    [zimbra@mail ~]$ mailq
    postqueue: fatal: Queue report unavailable - mail system is down
    [zimbra@mail ~]$ Oct 9 09:55:30 mail postfix/postqueue[14720]: fatal: Queue report unavailable - mail system is down

    But all services show up:
    antispam Running
    antivirus Running
    ldap Running
    logger Running
    mailbox Running
    mta Running
    opendkim Running
    snmp Running
    spell Running
    stats Running
    zmconfigd Running

    Regards
    Ekkas

    PS: I just ran zmfixperms(yes, as root) and restarted services and mailq is working again but for some reason I do not think it will stick.
    At least server seems to be mailing again.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. endless error reports
    By bobfurey in forum Error Reports
    Replies: 4
    Last Post: 04-24-2014, 07:13 AM
  2. Zimbra Desktop endless calendar sync bug
    By check-ict in forum General Questions
    Replies: 0
    Last Post: 05-29-2012, 05:22 AM
  3. Replies: 22
    Last Post: 04-27-2010, 12:17 PM
  4. Endless Error Reports
    By ljarmin in forum General Questions
    Replies: 8
    Last Post: 10-16-2008, 03:32 PM
  5. Replies: 3
    Last Post: 12-01-2007, 01:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •