Right, that technically just works of course. Giving every user on the system access to the anvil service seems like a proper bad idea to me though.
The better workaround would be to give just the group of the lmtp process access to the socket like

service anvil {
  unix_listener anvil {
    group = vmail
    mode = 0660
  }
}

Since there is clear intent in the code to avoid this problem I would maintain that this is a bug and ideally should be fixed there.
Cheers, Felix
On 01.10.25 10:25, Aki Tuomi wrote:
Or just

service anvil {
  unix_listener anvil {
    mode = 0666
  }
}

Aki
On 01/10/2025 11:16 EEST Zakaria via dovecot <dovecot@dovecot.org> wrote:
I think you can fix this using systemd service. Post Start run script that adjusts anvil file, in /var/run, chmod to 666.
Zak.
On 2025-09-30 22:02, Felix Geyer via dovecot wrote:
I think this bug is back in dovecot 2.4.1. I'm getting:-

lmtp(15118): Error: conn unix:/run/dovecot/anvil: net_connect_unix(/run/dovecot/anvil) failed: Permission denied

I get the same error with Dovecot 2.4.1. This is caused by running lmtp as non-root, i.e. with a configuration like

service lmtp {
  user = vmail
}

src/lmtp/lmtp-commands.c client_default_cmd_mail() has this code:

/* Connect to anvil before dropping privileges */
lmtp_anvil_init();

However if I got this right

a) This code is called after dropping privileges, so would not have the permissions.
b) It doesn't actually connect to the anvil socket since lmtp_anvil_init() doesn't call anvil_client_connect()

Adding lmtp_anvil_init(); anvil_client_connect() calls in src/lmtp/main.c main() before drop_privileges() fixes the error but I don't know if that's the right approach.
Cheers, Felix
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
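
The source comment quoted in the thread, "Connect to anvil before dropping privileges", relies on the permissions of a Unix socket file being checked only when connect() is called. The C program below is an added example, not Dovecot code and not written by anyone in the thread: it shows a connection opened early staying usable after access to the socket file is lost. It assumes a constructed socket path under /tmp, uses chmod to mode 0 as a stand-in for the privilege drop, and the helper names connect_client and early_connect_survives are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Connect to the listener at addr; returns an fd, or -errno on failure. */
static int connect_client(const struct sockaddr_un *addr)
{
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    if (connect(fd, (const struct sockaddr *)addr, sizeof(*addr)) == 0) return fd;
    int err = errno;
    close(fd);
    return -err;
}

/* Returns 0 if a connection opened while access was allowed still carries data after
 * access is revoked. *late_errno: errno of a connect() made afterwards (0 = it succeeded). */
int early_connect_survives(int *late_errno)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    int early = -1, peer = -1, late = -1, ok = -1;
    char byte = 0;
    /* Constructed stand-in path, not Dovecot's /run/dovecot/anvil. */
    snprintf(addr.sun_path, sizeof(addr.sun_path), "/tmp/anvil-demo-%ld", (long)getpid());
    unlink(addr.sun_path);
    int srv = socket(AF_UNIX, SOCK_STREAM, 0);
    if (srv >= 0 && bind(srv, (struct sockaddr *)&addr, sizeof(addr)) == 0 && listen(srv, 2) == 0) {
        early = connect_client(&addr);          /* like connecting before the privilege drop */
        peer = early >= 0 ? accept(srv, NULL, NULL) : -1;
        chmod(addr.sun_path, 0);                /* stand-in for losing access to the socket */
        late = connect_client(&addr);           /* like connecting after the drop */
        *late_errno = late < 0 ? -late : 0;
        if (peer >= 0 && write(early, "x", 1) == 1 && read(peer, &byte, 1) == 1 && byte == 'x')
            ok = 0;
    }
    int fds[] = { late, peer, early, srv };
    for (int i = 0; i < 4; i++) if (fds[i] >= 0) close(fds[i]);
    unlink(addr.sun_path);
    return ok;
}

int main(void)
{
    int e = 0, rc = early_connect_survives(&e);
    printf("early connection usable: %s; late connect errno: %d\n", rc ? "no" : "yes", e);
    return rc ? 1 : 0;
}
```

Run as an unprivileged user, the late connect fails with EACCES, the same "Permission denied" as in the lmtp log line; run as root it succeeds because root bypasses the mode bits.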