starred/zmbackup
1
0
Fork 0
mirror of https://github.com/lucascbeyeler/zmbackup.git synced 2026-04-25 07:05:55 +03:00
Code Issues 26 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #75] An exception related to ACL and permissions #51

New issue
Closed
opened 2026-02-27 08:14:05 +03:00 by kerem · 2 comments
kerem commented 2026-02-27 08:14:05 +03:00
Owner
Copy link

Originally created by @binaryhouse on GitHub (Apr 8, 2018).
Original GitHub issue: https://github.com/lucascbeyeler/zmbackup/issues/75

Originally assigned to: @lucascbeyeler on GitHub.

ISSUE TYPE
  • Bug Report
ENVIRONMENT VERSION
  • Zmbackup Version: zmbackup version: 1.2.0
  • Zimbra Version: Zimbra Version: 8.8.7_GA_1964.FOSS
  • Linux Distribution & Version: OS version: Linux mail.xxxx.xxx 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

We are actually experiencing some issues while doing a full backup (zmbackup -f). The log contains warnings that reffers to acl / permission problems (see the attachment) for every user (an exception is generated per user).
It might be caused by an inconsistency in versions, since we do have the up-to-date version of Zimbra.
Backup and restore process of mails seems to work without problems, however I checked emails only (I did not check other features if they work correctly).

STEPS TO REPRODUCE
Just check the log files.
ACTUAL RESULTS
2018-04-03 13:11:46,773 WARN  [qtp998351292-50348:https:https://XXX.XX.XXX.XXX:7071/home/gitlab@blabla.blabla/?fmt=tgz] [name=public;mid=14;ip=XXX.XXX.XXX.XXX;port=48264;] acl - right denied
com.zimbra.common.service.ServiceException: permission denied: not an eligible admin account
ExceptionId:qtp998351292-50348:https:https://XXX.XX.XXX.XXX:7071/home/gitlab@blabla.blabla/?fmt=tgz:1522753906773:ad56081881cc5439
Code:service.PERM_DENIED Arg:(NOT_EFFECTIVE_DELEGATED_ADMIN_ACCOUNT, STR, "VIOLATED")
        at com.zimbra.common.service.ServiceException.PERM_DENIED(ServiceException.java:322)
        at com.zimbra.cs.account.accesscontrol.HardRules.checkHardRules(HardRules.java:95)
        at com.zimbra.cs.account.accesscontrol.ACLAccessManager.canDo(ACLAccessManager.java:244)
        at com.zimbra.cs.account.accesscontrol.ACLAccessManager.canDo(ACLAccessManager.java:206)
        at com.zimbra.cs.account.accesscontrol.ACLAccessManager.canAccessAccount(ACLAccessManager.java:124)
        at com.zimbra.cs.mailbox.Folder.checkRights(Folder.java:485)
        at com.zimbra.cs.mailbox.MailItem.canAccess(MailItem.java:1269)
        at com.zimbra.cs.mailbox.MailItem.canAccess(MailItem.java:1248)
        at com.zimbra.cs.mailbox.Mailbox.checkAccess(Mailbox.java:2696)
        at com.zimbra.cs.mailbox.Mailbox.getItemById(Mailbox.java:2865)
        at com.zimbra.cs.mailbox.Mailbox.getItemById(Mailbox.java:2856)
        at com.zimbra.cs.mailbox.Mailbox.getFolderById(Mailbox.java:4109)
        at com.zimbra.cs.mailbox.Mailbox.getItemByPath(Mailbox.java:3408)
        at com.zimbra.cs.mailbox.Mailbox.getItemByPath(Mailbox.java:3388)
        at com.zimbra.cs.service.util.UserServletUtil.resolveItem(UserServletUtil.java:153)
        at com.zimbra.cs.service.UserServlet.resolveItem(UserServlet.java:484)
        at com.zimbra.cs.service.UserServlet.doAuthGet(UserServlet.java:503)
        at com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:314)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
        at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685)
        at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:169)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.common.filters.Base64Filter.doFilter(Base64Filter.java:63)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:107)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318)
        at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
        at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437)
        at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)
        at org.eclipse.jetty.server.Server.handle(Server.java:517)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261)
        at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)
        at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)
        at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)
        at java.lang.Thread.run(Thread.java:748)
Originally created by @binaryhouse on GitHub (Apr 8, 2018). Original GitHub issue: https://github.com/lucascbeyeler/zmbackup/issues/75 Originally assigned to: @lucascbeyeler on GitHub. <!-- Before open an issue, please remember to check our Google Group (link in README.md) and the other issues. Maybe what you want is already answered. You don't need to answer all the questions below, just answer what is pertinent to what you want (You don't need to explain the steps to reproduce and the results if your issue is about the documentation) --> <!-- ISSUE TYPE: Inform what kind of issue we are talking about. Choose only one option. --> ##### ISSUE TYPE - Bug Report <!-- ENVIRONMENT VERSION: Describe the environment you are using the Zmbackup and its version. --> ##### ENVIRONMENT VERSION - Zmbackup Version: zmbackup version: 1.2.0 - Zimbra Version: Zimbra Version: 8.8.7_GA_1964.FOSS - Linux Distribution & Version: OS version: Linux mail.xxxx.xxx 3.10.0-693.21.1.el7.x86_64 #1 SMP Wed Mar 7 19:03:37 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux <!-- SUMMARY: Describe your issue in this field. The more detailed you gave us, more easy and fast will be for us to debug and fix the software. --> We are actually experiencing some issues while doing a full backup (zmbackup -f). The log contains warnings that reffers to acl / permission problems (see the attachment) for every user (an exception is generated per user). It might be caused by an inconsistency in versions, since we do have the up-to-date version of Zimbra. Backup and restore process of mails seems to work without problems, however I checked emails only (I did not check other features if they work correctly). <!--- SUMMARY:For bugs, show exactly how to reproduce the problem, using a minimal test-case. For new features, show how the feature would be used. --> ##### STEPS TO REPRODUCE ``` Just check the log files. ``` ##### ACTUAL RESULTS ``` 2018-04-03 13:11:46,773 WARN [qtp998351292-50348:https:https://XXX.XX.XXX.XXX:7071/home/gitlab@blabla.blabla/?fmt=tgz] [name=public;mid=14;ip=XXX.XXX.XXX.XXX;port=48264;] acl - right denied com.zimbra.common.service.ServiceException: permission denied: not an eligible admin account ExceptionId:qtp998351292-50348:https:https://XXX.XX.XXX.XXX:7071/home/gitlab@blabla.blabla/?fmt=tgz:1522753906773:ad56081881cc5439 Code:service.PERM_DENIED Arg:(NOT_EFFECTIVE_DELEGATED_ADMIN_ACCOUNT, STR, "VIOLATED") at com.zimbra.common.service.ServiceException.PERM_DENIED(ServiceException.java:322) at com.zimbra.cs.account.accesscontrol.HardRules.checkHardRules(HardRules.java:95) at com.zimbra.cs.account.accesscontrol.ACLAccessManager.canDo(ACLAccessManager.java:244) at com.zimbra.cs.account.accesscontrol.ACLAccessManager.canDo(ACLAccessManager.java:206) at com.zimbra.cs.account.accesscontrol.ACLAccessManager.canAccessAccount(ACLAccessManager.java:124) at com.zimbra.cs.mailbox.Folder.checkRights(Folder.java:485) at com.zimbra.cs.mailbox.MailItem.canAccess(MailItem.java:1269) at com.zimbra.cs.mailbox.MailItem.canAccess(MailItem.java:1248) at com.zimbra.cs.mailbox.Mailbox.checkAccess(Mailbox.java:2696) at com.zimbra.cs.mailbox.Mailbox.getItemById(Mailbox.java:2865) at com.zimbra.cs.mailbox.Mailbox.getItemById(Mailbox.java:2856) at com.zimbra.cs.mailbox.Mailbox.getFolderById(Mailbox.java:4109) at com.zimbra.cs.mailbox.Mailbox.getItemByPath(Mailbox.java:3408) at com.zimbra.cs.mailbox.Mailbox.getItemByPath(Mailbox.java:3388) at com.zimbra.cs.service.util.UserServletUtil.resolveItem(UserServletUtil.java:153) at com.zimbra.cs.service.UserServlet.resolveItem(UserServlet.java:484) at com.zimbra.cs.service.UserServlet.doAuthGet(UserServlet.java:503) at com.zimbra.cs.service.UserServlet.doGet(UserServlet.java:314) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at com.zimbra.cs.servlet.ZimbraServlet.service(ZimbraServlet.java:206) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:821) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1685) at com.zimbra.cs.servlet.CsrfFilter.doFilter(CsrfFilter.java:169) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.cs.servlet.RequestStringFilter.doFilter(RequestStringFilter.java:54) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.common.filters.Base64Filter.doFilter(Base64Filter.java:63) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.cs.servlet.SetHeaderFilter.doFilter(SetHeaderFilter.java:59) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.cs.servlet.ETagHeaderFilter.doFilter(ETagHeaderFilter.java:47) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.cs.servlet.ContextPathBasedThreadPoolBalancerFilter.doFilter(ContextPathBasedThreadPoolBalancerFilter.java:107) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.cs.servlet.ZimbraQoSFilter.doFilter(ZimbraQoSFilter.java:107) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at com.zimbra.cs.servlet.ZimbraInvalidLoginFilter.doFilter(ZimbraInvalidLoginFilter.java:117) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at org.eclipse.jetty.servlets.DoSFilter.doFilterChain(DoSFilter.java:473) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:318) at org.eclipse.jetty.servlets.DoSFilter.doFilter(DoSFilter.java:288) at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1668) at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143) at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226) at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1158) at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511) at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185) at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1090) at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141) at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:213) at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) at org.eclipse.jetty.rewrite.handler.RewriteHandler.handle(RewriteHandler.java:318) at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:437) at org.eclipse.jetty.server.handler.DebugHandler.handle(DebugHandler.java:84) at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119) at org.eclipse.jetty.server.Server.handle(Server.java:517) at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306) at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at org.eclipse.jetty.io.ssl.SslConnection.onFillable(SslConnection.java:192) at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:261) at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95) at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213) at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147) at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654) at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572) at java.lang.Thread.run(Thread.java:748) ```
kerem 2026-02-27 08:14:05 +03:00
kerem commented 2026-02-27 08:14:06 +03:00
Author
Owner
Copy link

@lucascbeyeler commented on GitHub (Apr 8, 2018):

Hello @binaryhouse,

After some checks, I notice that this is a bug from Zimbra. This error appears only in the first time you connect to that account per duration of the cookie. I don't think I can do anything about this, because the only way to download these accounts are using the URL https://:7071/home/account/?fmt=tgz

I'm not going to open a ticket in their bugzilla because I still have two bugs opened from 2 years ago and I still have no answer. :(

Regards,
Lucas Costa Beyeler

<!-- gh-comment-id:379578074 --> @lucascbeyeler commented on GitHub (Apr 8, 2018): Hello @binaryhouse, After some checks, I notice that this is a bug from Zimbra. This error appears only in the first time you connect to that account per duration of the cookie. I don't think I can do anything about this, because the only way to download these accounts are using the URL **https://<server>:7071/home/account/?fmt=tgz** I'm not going to open a ticket in their bugzilla because I still have two bugs opened from 2 years ago and I still have no answer. :( Regards, Lucas Costa Beyeler
kerem commented 2026-02-27 08:14:06 +03:00
Author
Owner
Copy link

@binaryhouse commented on GitHub (Apr 9, 2018):

Hi Lucas,

thanks fo the super-fast info. It seems that only thing, we can do about it is to tope that it'll work :)

Thanks for your time.
Regards,
Martin

<!-- gh-comment-id:379685485 --> @binaryhouse commented on GitHub (Apr 9, 2018): Hi Lucas, thanks fo the super-fast info. It seems that only thing, we can do about it is to tope that it'll work :) Thanks for your time. Regards, Martin
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
1.2-version
devel
1.2.6
1.2.5
1.2.4
1.2.3
1.2.1
1.2.0
1.2.0-RC2
1.2.0-RC
1.2.0-BETA-5
1.1.9
1.1.8
1.2.0-BETA-4
1.1.7
1.2.0-BETA-3
1.1.6
1.2.0-BETA-2
1.2.0-BETA
1.1.5
1.1.4
1.1.3
1.1.2
1.1.1
1.1.0
1.0.2
1.0.1
1.0.0
1.0.0-RC2
1.0.0-RC
Labels
Clear labels   
Bug Report

   
Enhancement

   
Enhancement

   
Feature Idea

   
Feature Idea

   
Not Implemented

   
Question

   
Question

   
Task

   
Wontfix

   
pull-request

Mirrored from GitHub Pull Request

No labels
Bug Report
Enhancement
Enhancement
Feature Idea
Feature Idea
Not Implemented
Question
Question
Task
Wontfix
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/zmbackup#51
No description provided.