[Dovecot] dovecot/deliver ... Can't open log file /var/log/dovecot/error.log: Permission denied

Phil Howard ttiphil at gmail.com
Mon May 10 21:45:20 EEST 2010


Just realized my email was not going to the list.

On Mon, May 10, 2010 at 14:20, Romer Ventura <rventura at h-st.com> wrote:

> I am using static uids:
> mail_uid = vmail
> mail_gid = vmail
> user = vmail
> group = vmail
>
> else it will do what you describe.
>

I have that, too.  But it's not running the right userid.  Deliver is
running as the userid Postfix starts it as.  How could it be any different
since deliver is not suid root (nor should it be, afaik).  It seems that I
need to tell Postfix a specific userid to run it as (and tell it that userid
is vmail).  I haven't found how to do that, yet.

I'm also getting wrong mail_location.  The variable %d comes up empty.  I
verified that Postfix actually is passing the full user@domain, in the
message header, and in the -a argument (as coded in main.cf mailbox_command
=).

Maybe I need to make  /usr/lib/dovecot/deliver be suid vmail?  That would
open it up to logged in system users injecting into mailboxes.



> Thanks
> ------
> Romer Ventura
>
>  On Mon, May 10, 2010 at 13:59, Romer Ventura <rventura at h-st.com> wrote:
>> I had to chmod 777 for it to work..
>>
>> I did chmod 777 to see what it would do, and especially, what userid the
>> log files were owned by.  Bad news from that ... they are owned by the first
>> user I sent email to.  That seems to me to be a Postfix issue where Postfix
>> still thinks I'm mailing to local system users, and running the deliver
>> program under such a userid.  When I start adding users which don't have
>> local system user equivalents, that's going to be a problem.
>>
>> Also, I'm finding that in mail_location = the variable %d is empty.  It
>> should be the domain.  Again, this seems like Postfix is treating local
>> delivery as all-users-are-equivalent for any local domain (and that is
>> definitely not the case).  So I need to look at some Postfix config now to
>> see how to make it pass the full email address (user@domain ... so %n@%d
>> represents the email address), and to run dovecot/deliver as user vmail.
>>
>> At least I'm not using sendmail :-)
>>
>> This old legacy "system user" thing is sure a PITA.  It should either be
>> ON or OFF.
>>  log files automatically named by the date (and maybe time) ... kind of
>> like in a shell script I would do: `date +/path/to/tree/%Y/%m/%d.log` or
>> such.
>>
>
>
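
An added example, not part of the original message or of Dovecot: a POSIX shell audit for the two workarounds discussed above, a world-writable log path (the chmod 777) and a setuid deliver binary, plus a check that the log is owned by the intended delivery account. The default paths and the vmail owner are taken from the message; the function names and the LOG_FILE, MAIL_USER and DELIVER variables are assumptions.

```shell
#!/bin/sh
# Added example: audit for the two workarounds discussed in the message above.
# Default paths and the vmail owner come from the message; LOG_FILE, MAIL_USER
# and DELIVER are hypothetical override variables.

# Report a world-writable or wrongly owned log file/directory.
# Returns 0 if clean, 1 on findings, 2 if the path is missing.
audit_log_path() {
    p=$1 want=$2 found=0
    [ -e "$p" ] || { echo "MISSING $p"; return 2; }
    # Mode o+w (e.g. after chmod 777) lets any local user alter the log.
    if [ -n "$(find -L "$p" -prune -perm -0002)" ]; then
        echo "WORLD-WRITABLE $p"; found=1
    fi
    # The log must be owned by the account deliver is meant to run as.
    owner=$(ls -ldL "$p" | awk '{print $3}')
    if [ "$owner" != "$want" ]; then
        echo "OWNER $p is $owner, expected $want"; found=1
    fi
    return "$found"
}

# Report a setuid/setgid bit on the delivery binary.
audit_setid() {
    b=$1
    [ -e "$b" ] || { echo "MISSING $b"; return 2; }
    if [ -n "$(find -L "$b" -prune \( -perm -4000 -o -perm -2000 \))" ]; then
        echo "SETID $b"; return 1
    fi
    return 0
}

# Run every check; non-zero if any check reported something.
audit_all() {
    log=${LOG_FILE:-/var/log/dovecot/error.log} total=0
    audit_log_path "$log" "${MAIL_USER:-vmail}" || total=1
    audit_log_path "$(dirname "$log")" "${MAIL_USER:-vmail}" || total=1
    audit_setid "${DELIVER:-/usr/lib/dovecot/deliver}" || total=1
    return "$total"
}

# Only audit the real system when asked to: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then audit_all; fi
```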

