[Dovecot] dovecot -n FATAL

[Phil]

On 6/02/2014 6:23 PM, Steffen Kaiser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 6 Feb 2014, Phil wrote:
>
>> Im new to postfix-dovecot
>
> and Unix/Linux, too?
>
Technically yes! Less than 2 years experience running a live server . . .

>>                           and im mystified by the following results 
>> in ubuntu 10.04lts
>>
>> :~$ dovecot -n
>> # 1.2.9: /etc/dovecot/dovecot.conf
>> Error: ssl_key_file: Can't use /etc/ssl/private/ssl-mail.key: 
>> Permission denied
>> Fatal: Invalid configuration in /etc/dovecot/dovecot.conf
>>
>> ~$ sudo ls -dl /etc/ssl/private/ssl-mail.key
>> lrwxrwxrwx 1 root root 38 2013-11-27 08:35 
>> /etc/ssl/private/ssl-mail.key -> /etc/ssl/private/ssl-cert-snakeoil.key
>
> You show us the symbolic link, which has all Unix permissions usually. 
> The interessting file is the final target, e.g. 
> /etc/ssl/private/ssl-cert-snakeoil.key if that is no symlink as well, 
> and the permissions of all directories to it.
>
> For instance, Debian uses the perms for the private dir:
>
> drwx--x--- 2 root ssl-cert 4096 Jul  4  2012 /etc/ssl/private/
>
> I think it looks the same on your Ubuntu machine. So add
> the Dovecot user to group ssl-cert to let it enter the directory
> at all. The Snakeoil key is usually group-readable for ssl-cert, too.
> So no change of permissions necessary there as well.

I did this and my perms look like thus now:


total 8
-rw------- 1 root    dovecot  887 2013-11-25 11:33 dovecot.pem
-rw-r----- 1 dovecot ssl-cert 887 2013-11-17 12:27 ssl-cert-snakeoil.key
lrwxrwxrwx 1 root    root      38 2013-11-27 08:35 ssl-mail.key -> 
/etc/ssl/priv ate/ssl-cert-snakeoil.key

and dovecot -n is the same, as i said before its delivering mail ok i 
would ike to fix this and hopefully understand it a bit better. Thanks.
>
> - -- Steffen Kaiser
> -----BEGIN PGP SIGNATURE-----