Failed to open autoreply file /home/youngguns.nl/autoreply-ar@youngguns.nl.txt : Permission denied

I think this started since the last Virtualmin update. By default our home directories are only readable by user and group (drwxr-x---) so users can't peek in each other's home dirs.

Status: 
Active

Comments

Normally Virtualmin avoids this permissions issue by creating the directory /home/virtualmin or /var/virtualmin-autoreply, and hard linking from that directory to the files in users' homes.

Are those directories perhaps on different filesystems on your system?

The dir /home/virtualmin-autoreply contains

124626731310415-replies-user@example.com.dir & 124626731310415-replies-user@example.com.pag

files for autoreplies. In the homedir of the domain are

autoreply-user@example.com.txt

files.

ls -l /home/youngguns.nl/*reply*

-rw-r--r-- 1 youngguns.nl youngguns.nl 127 Jun 2 11:49 /home/youngguns.nl/autoreply-ar@youngguns.nl.txt
-rw-r--r-- 1 youngguns.nl youngguns.nl 2598 Dec 1 2009 /home/youngguns.nl/autoreply-ftptest@youngguns.nl.txt
-rw-r--r-- 1 youngguns.nl youngguns.nl 403 Jan 12 11:57 /home/youngguns.nl/autoreply-rob@youngguns.nl.txt
-rw-r--r-- 1 youngguns.nl youngguns.nl 373 May 19 13:57 /home/youngguns.nl/autoreply-sjors@youngguns.nl.txt

ls -l /home/virtualmin-autoreply/*youngguns*

-rwx------ 1 nobody nobody 4096 Jun 1 05:35 /home/virtualmin-autoreply/121382042816449-replies-rob@youngguns.nl.dir
-rwx------ 1 nobody nobody 16384 Jun 2 09:09 /home/virtualmin-autoreply/121382042816449-replies-rob@youngguns.nl.pag
-rwx------ 1 nobody nobody 4096 May 16 17:30 /home/virtualmin-autoreply/121382042816449-replies-sjors@youngguns.nl.dir
-rwx------ 1 nobody nobody 16384 May 19 13:54 /home/virtualmin-autoreply/121382042816449-replies-sjors@youngguns.nl.pag

I'm not sure why and when the .dir and .pag files are created; does this have something to do with the autoreply options (only reply between ... and only reply once per ...)?

I saw two files in the /home/virtualmin-autoreply dir which were owned by mailman:mailman but I don't know why this happens. I'm not able to reproduce this.

Postfix shows a successful delivery:

Jun 2 11:50:24 stevie.youngguns.nl postfix/local[22865]: [ID 197553 mail.info] 3E16034DCF: to=ar-youngguns.nl@stevie.youngguns.nl, orig_to=ar@youngguns.nl, relay=local, delay=2.3, delays=0.05/0/0/2.2, dsn=2.0.0, status=sent (delivered to command: /etc/webmin/virtual-server/autoreply.pl /home/youngguns.nl/autoreply-ar@youngguns.nl.txt ar@youngguns.nl )

I assume autoreply.pl is running as root?

ls -ldv /home/youngguns.nl/

drwxr-x---+ 11 youngguns.nl youngguns.nl 18 Jun 2 11:49 /home/youngguns.nl/
     0:user:nobody:list_directory/read_data/execute:allow
     1:owner@::deny
     2:owner@:list_directory/read_data/add_file/write_data/add_subdirectory
         /append_data/write_xattr/execute/write_attributes/write_acl
         /write_owner:allow
     3:group@:add_file/write_data/add_subdirectory/append_data:deny
     4:group@:list_directory/read_data/execute:allow
     5:everyone@:list_directory/read_data/add_file/write_data
         /add_subdirectory/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     6:everyone@:read_xattr/read_attributes/read_acl/synchronize:allow

ls -lv /home/youngguns.nl/autoreply-ar@youngguns.nl.txt

-rw-r--r-- 1 youngguns.nl youngguns.nl 26 Jun 2 12:00 /home/youngguns.nl/autoreply-ar@youngguns.nl.txt
     0:owner@:execute:deny
     1:owner@:read_data/write_data/append_data/write_xattr/write_attributes
         /write_acl/write_owner:allow
     2:group@:write_data/append_data/execute:deny
     3:group@:read_data:allow
     4:everyone@:write_data/append_data/write_xattr/execute/write_attributes
         /write_acl/write_owner:deny
     5:everyone@:read_data/read_xattr/read_attributes/read_acl/synchronize
         :allow

Text in 'bounce' mail when autoreply is enabled:

Failed to open autoreply file /home/youngguns.nl/autoreply-ar@youngguns.nl.txt : Permission denied

Are /home/virtualmin-autoreply and /home/youngguns.nl on different filesystems?

They are automounted:

/home/virtualmin-autoreply on /export/home/virtualmin-autoreply read/write/setuid/devices/dev=2d50003 on Wed Jun 2 22:16:25 2010

/home/youngguns.nl on /export/home/youngguns.nl read/write/setuid/devices/dev=2d5009a on Tue Jun 1 16:23:26 2010

/export/home/youngguns.nl is a zfs filesystem (like all other homedirs)

tank/home/youngguns.nl 9.05G 975M 9.05G /export/home/youngguns.nl

/export/home/virtualmin-autoreply is just a dir in the root filesystem.

Ok, that explains it .. when they are auto-mounted, Virtualmin will not be able to create the hard link it needs to get around permissions issues from /home/virtualmin-autoreply.

Postfix reads autoreply files as the "nobody" user, so the only way it can read those files is if the domain's home directories are made world-readable (at least mode 751). However, you may want to avoid this for security reasons.
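The two options discussed in this thread (a hard link from a world-traversable directory versus opening the home directory to mode 751), as an added Python example that is not Virtualmin's own code. The directory and file names are constructed samples in a temp dir, the helper names are hypothetical, and the check looks at mode bits only, so ACL entries are not evaluated.

```python
import errno, os, stat, tempfile

def same_filesystem(a, b):
    # Hard links cannot cross filesystems: compare the device IDs.
    return os.stat(a).st_dev == os.stat(b).st_dev

def try_hard_link(src, link_dir):
    # Returns (link_path, None) on success or (None, errno name), e.g. "EXDEV".
    dst = os.path.join(link_dir, os.path.basename(src))
    try:
        os.link(src, dst)
    except OSError as e:
        return None, errno.errorcode.get(e.errno, str(e.errno))
    return dst, None

def blockers_for_other(path, top):
    # Mode bits only: list what stops a user who is neither owner nor group
    # member (such as "nobody") from reading `path`, walking up to `top`.
    blocked = []
    if not os.stat(path).st_mode & stat.S_IROTH:
        blocked.append(path)
    d = os.path.dirname(path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            blocked.append(d)
        parent = os.path.dirname(d)
        if os.path.samefile(d, top) or parent == d:
            return blocked
        d = parent

def demo():
    # Constructed layout: a 750 home dir and a separate link directory.
    base = tempfile.mkdtemp()
    home = os.path.join(base, "example.com")
    spool = os.path.join(base, "virtualmin-autoreply")
    os.mkdir(home); os.mkdir(spool)
    os.chmod(home, 0o750); os.chmod(spool, 0o755)
    reply = os.path.join(home, "autoreply-user@example.com.txt")
    with open(reply, "w") as f:
        f.write("I am away.\n")
    os.chmod(reply, 0o644)
    direct = blockers_for_other(reply, home)   # home dir lacks o+x
    link, err = try_hard_link(reply, spool)    # EXDEV if on another filesystem
    via_link = blockers_for_other(link, spool) if link else None
    os.chmod(home, 0o751)                      # the fallback from the thread
    relaxed = blockers_for_other(reply, home)
    return same_filesystem(home, spool), err, direct, via_link, relaxed, home

if __name__ == "__main__":
    print(demo())
```

Run against two directories on separate filesystems, `try_hard_link` reports `EXDEV`, which is the situation the automounted home directories create here.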
