debugging file permissions wrong

Laura Steynes laura.steynes72 at gmail.com
Wed Jun 2 06:16:50 EEST 2021


Aki,
using syslog works, but using the file does not. The exact error is
in the deliver log - where lda writes to OK:
lda: Fatal: Can't open log file xxxxxxx: Permission denied
So log file deliver.log is owned by vmail/vmail and the pop3 log by
root/root; the debug file is created root/root but lda is the vmail user, so of
course perm denied.

protocol lda is not told any user, just the path. I guess it gets its user
perms from the entry in postfix master;
when it gets its first entry to write, it then creates it, as that user?
That's what it appears, so we would need a way to set the username on the debug
command; as pop3 logout is done as root, it will write anyway.

On Wed, Jun 2, 2021 at 12:56 PM Laura Steynes <laura.steynes72 at gmail.com>
wrote:

> Hi,
> Yes, lda writes to deliver.log just fine, will give type syslog a try, was
> just hoping to put it into a debug file so when we sort out the issue we
> can delete the file without losing correct metadata entries
>
>
> On Tue, Jun 1, 2021 at 3:26 PM Aki Tuomi <aki.tuomi at open-xchange.com>
> wrote:
>
>>
>> > On 01/06/2021 02:35 Laura Steynes <laura.steynes72 at gmail.com> wrote:
>> >
>> >
>> > Hi,
>> >
>> > In trying to debug a strange error where client can't login, I enabled
>> all the usual debug settings, this is all good, it works for imap and pop3
>> fine, but the problem is when used with dovecot's LDA there is a nasty
>> issue.
>> >
>> > the file created by debug_log_path in this case
>> /var/log/dovecot/debug.log , this file created as root, again this is fine
>> for nice logging of imap and pop3, but this causes postfix not to deliver
>> mail, for write permission denied, LDA runs as vmail, all my sub sections
>> like *_listener also = vmail and all my uid/gid settings are also to
>> user/group vmail
>> >
>> > obviously you want main log files to not be owned by vmail for case of
>> security, so is there a way to set the ownership of the debug file - apart
>> from the obvious of remembering 40 minutes later when you get alert of high
>> mailq level to chown the file :)
>> >
>> > If there is no way, may the developers take this as a feature request
>> please.
>> > Thanks
>> > Loz
>>
>> dovecot-lda should be using log process to write logs, as I'm sure you
>> are getting the non-debug kind of logs just fine from lda, right?
>>
>> One way to workaround this would be to use debug_log_path=syslog to write
>> logs via syslog socket.
>>
>> Aki
>>
>
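
As an added example (not part of the thread and not Dovecot code): a pre-flight check that lists which file-backed log settings a delivery user cannot write to, the condition behind the `Permission denied` error above. The sample config and the function names are assumptions; ACLs and the directory search bit are not evaluated.

```python
import os
import stat

# Constructed sample of Dovecot log settings (not taken from the poster's server).
SAMPLE_CONF = """\
log_path = /var/log/dovecot/deliver.log
info_log_path = /var/log/dovecot/pop3.log
debug_log_path = /var/log/dovecot/debug.log
"""

def log_paths(conf_text):
    """Return {setting: path} for file-backed *log_path settings (syslog is skipped)."""
    found = {}
    for line in conf_text.splitlines():
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if sep and key.endswith("log_path") and value.startswith("/"):
            found[key] = value
    return found

def can_write(mode, owner_uid, owner_gid, uid, gids):
    """POSIX mode-bit check: the first matching class (owner, group, other) decides."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def unwritable_logs(conf_text, uid, gids, stat_fn=os.stat):
    """List settings whose log file (or its parent directory, when the file
    does not exist yet and would have to be created) uid/gids cannot write to."""
    bad = []
    for key, path in log_paths(conf_text).items():
        try:
            st = stat_fn(path)
        except FileNotFoundError:
            st = stat_fn(os.path.dirname(path))
        if not can_write(st.st_mode, st.st_uid, st.st_gid, uid, gids):
            bad.append(key)
    return bad
```

Feed `unwritable_logs` the text of `doveconf -n` and the uid and group ids of the user the LDA runs as; any setting it returns will fail for that user.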