switching to the new configuration removes user then tries to chown with that user

Question

switching to the new configuration removes user then tries to chown with that user

phdoerfler opened this issue 7 years ago · comments

I pulled the new master but when invoking nixos-rebuild switch I got the following error:

updating GRUB 2 menu...
stopping the following units: dovecot2.service, postfix.service
activating the configuration...
removing user ‘myuser@example.com’
setting up /etc...
removing obsolete symlink ‘/etc/pam.d/dovecot2’...
setting up tmpfiles
reloading the following units: dbus.service
starting the following units: dovecot2.service, postfix.service
warning: the following units failed: activate-virtual-mail-users.service

● activate-virtual-mail-users.service
   Loaded: loaded (/nix/store/aap7y02gl2cm1f4pk5jmlbmi7q9rm25a-unit-activate-virtual-mail-users.service/activate-virtual-mail-users.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2018-02-22 21:42:19 UTC; 2s ago
  Process: 22846 ExecStart=/nix/store/3wrhfxrqnyi554j43pdbv9mqm22axqr1-activate-virtual-mail-users (code=exited, status=1/FAILURE)
 Main PID: 22846 (code=exited, status=1/FAILURE)

Feb 22 21:42:18 turtle systemd[1]: Started activate-virtual-mail-users.service.
Feb 22 21:42:19 turtle 3wrhfxrqnyi554j43pdbv9mqm22axqr1-activate-virtual-mail-users[22846]: chown: invalid user: ‘myuser@example.com:virtualMail’
Feb 22 21:42:19 turtle systemd[1]: activate-virtual-mail-users.service: Main process exited, code=exited, status=1/FAILURE
Feb 22 21:42:19 turtle systemd[1]: activate-virtual-mail-users.service: Unit entered failed state.
Feb 22 21:42:19 turtle systemd[1]: activate-virtual-mail-users.service: Failed with result 'exit-code'.
warning: error(s) occurred while switching to the new configuration

Why does my user myuser@example.com get removed in the first place?

Robin Raymond · Answer 1 · Fri Feb 23 2018 05:55:26 GMT+0800 (China Standard Time)

The new release v2.1 uses virtual users instead of system users. It is documented in the new release mail. Is the activate-virtual-mail-users something specific to your configuration?

Philipp Dörfler · Answer 2 · Fri Feb 23 2018 05:59:39 GMT+0800 (China Standard Time)

This reminds me that I meant to subscribe to that mailing list. My bad!

Robin Raymond · Answer 3 · Fri Feb 23 2018 06:00:06 GMT+0800 (China Standard Time)

Nvm, the problem is the sieve folders,

mail-server/users.nix:          chown "${name}:${vmailGroupName}" "/var/sieve/${name}"
mail-server/users.nix:        chown "${name}:${vmailGroupName}" "/var/sieve/${name}/default.sieve"

does it work if you change the lines to chown "${vmailUserName}:${vmailGroupName}" ...?

Philipp Dörfler · Answer 4 · Fri Feb 23 2018 06:05:00 GMT+0800 (China Standard Time)

Changing those two ${name} into ${vmailUserName} results in this:

$ nixos-rebuild switch
building Nix...
building the system configuration...
these derivations will be built:
  /nix/store/za3g159x9qps2kd5zfgrf1slmj85h2pz-activate-virtual-mail-users.drv
  /nix/store/95wca2v9973q8mhlcyl98av2xh25xv43-unit-activate-virtual-mail-users.service.drv
  /nix/store/6sb9vbsj7wck0pf9wy90x5ypljjdccsk-system-units.drv
  /nix/store/3ciarygy6d0zzsbm8x54b0b654bn1qis-etc.drv
  /nix/store/nqa8bw16k6jal9dz3zr5ijml36862n42-nixos-system-turtle-17.09.3036.bbcd0efcb63.drv
building path(s) ‘/nix/store/nw41y00443p3a2fvzjls74zgqh5wv2r2-activate-virtual-mail-users’
building path(s) ‘/nix/store/m6pa1frnlazb9f4mqv9d9a7mg5jr853k-unit-activate-virtual-mail-users.service’
building path(s) ‘/nix/store/6s52wclg5x1945c9ffqylcsksm2aq98d-system-units’
building path(s) ‘/nix/store/9azkki8fbr867ihmawmbzk9njjyykm6m-etc’
building path(s) ‘/nix/store/rhj9bnk2fmdglic9f5a68npcrcdpay11-nixos-system-turtle-17.09.3036.bbcd0efcb63’
updating GRUB 2 menu...
activating the configuration...
setting up /etc...
setting up tmpfiles

Looking good to me. Is this what you'd expect?

Robin Raymond · Answer 5 · Fri Feb 23 2018 06:08:21 GMT+0800 (China Standard Time)

Depends on if the sieve scripts still work :) Unfortunately we don't have any sieve tests in our test suite, so it slipped through the CI.

Philipp Dörfler · Answer 6 · Fri Feb 23 2018 06:31:29 GMT+0800 (China Standard Time)

While testing if the sieve scripts would work (and chowning my vmail directory of course) I ran into this which appeared in the logs the moment I sent a test email to myself from a different account:

Feb 22 22:28:09 turtle postfix/smtpd[30556]: fatal: host/service mailstore.example.com/12340 not found: Name or service not known

Is this related?

The mail was not delivered.

Edit:

This seems to be the offending line in postfix.nix:

        # quota
        smtpd_recipient_restrictions = check_policy_service inet:mailstore.example.com:12340

I am a bit puzzled as to why the tests run OK indicating mail gets delivered - yet it doesn't. At least on my server and this line looks awfully fishy to me.

Edit 2:

From https://blog.sys4.de/postfix-dovecot-mailbox-quota-en.html via https://wiki2.dovecot.org/Quota:

In this example the frontend server's very last test in smtpd_recipient_restrictions instructs Postfix to contact the Dovecot policy-server at mailstore.example.com on port 12340.

Philipp Dörfler · Answer 7 · Fri Feb 23 2018 07:02:29 GMT+0800 (China Standard Time)

Having removed the offending line in postfix.nix my test mail got delivered to the sub folder as instructed by the sieve script. I'd say it works.

John Boehr · Answer 8 · Sat Feb 24 2018 07:02:43 GMT+0800 (China Standard Time)

Not sure if related, but after upgrading my /var/vmail was still owned by the previous user id 1000. After running sudo chown -Rf virtualMail /var/vmail/ it seems to be working again. I did try to upgrade to 2.1.1 earlier.