Re: BUG-Report: mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings) third attempt!

2 Apr 2026

      Maybe you have SELinux or something preventing the access? You could run service auth { user=root } if nothing else works.
...
On 2. Apr 2026, at 15.14, Klaus Tachtler <klaus@tachtler.net> wrote:
Hi Timo,
sorry my fault, found the file inside systemd:
/tmp/systemd-private-ab22c74fcf994418a96bd0422a864ab3-dovecot.service-J0Z3EJ/tmp/auth.strace
---- %< ----
openat(AT_FDCWD, "/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem", O_RDONLY) = -1 EACCES (Permission denied)
close(22)
---- <% ----
Here is my directory structure with ownership and file permissions:
==================================================================

# ls -lad /etc/dovecot/ssl/
drwxr-xr-x 1 root root 24 Feb 27 09:55 /etc/dovecot/ssl/

# ls -l /etc/dovecot/ssl/
total 0
drwxr-xr-x 1 root root 204 Feb 27 09:55 certs
drwxr-xr-x 1 root root 116 Feb 27 09:55 private

# ls -l /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
-r--r--r-- 1 dovecot dovecot 11627 Feb 27 09:55
/etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem

# ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
-r-------- 1 dovecot dovecot 1703 Feb 27 09:55
/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
Thank you,
Klaus.
On 4/2/26 14:07, Timo Sirainen wrote:
...
On 2. Apr 2026, at 15.03, Klaus Tachtler <klaus@tachtler.net> wrote:
...
Hi Timo,
now I have:
service auth {
executable = /usr/bin/strace -D -o /tmp/auth.strace -s 100
/usr/lib/dovecot/auth
group = vmail
user = vmail
inet_listener auth {
port = 12345
listen = 10.0.0.80 fd00::10:10:0:0:80
}
}
The problem is, no strace file will be written?
ls -l /tmp/auth.strace
ls: cannot access '/tmp/auth.strace': No such file or directory
With systemd the /tmp directory is actually under /tmp/systemd-something/. Try find /tmp -name auth.strace or use some other directory than /tmp.
--

e-Mail  : klaus@tachtler.net <mailto:klaus@tachtler.net>
Homepage: https://www.tachtler.net <https://www.tachtler.net/>
DokuWiki: https://dokuwiki.tachtler.net <https://dokuwiki.tachtler.net/>
Maybe you have SELinux or something preventing the access? You could run
service auth { user=root } if nothing else works.
 On 2. Apr 2026, at 15.14, Klaus Tachtler &lt;klaus@tachtler.net> wrote:
 Hi Timo,

 sorry my fault, found the file inside systemd:

 /tmp/systemd-private-ab22c74fcf994418a96bd0422a864ab3-dovecot.service-J0Z3EJ/tmp/auth.strace

 ---- %&lt; ----

 openat(AT_FDCWD,
 "/etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem", O_RDONLY)
 = -1 EACCES (Permission denied)
 close(22)

 ---- &lt;% ----

     Here is my directory structure with ownership and file permissions:
     ==================================================================

     # ls -lad /etc/dovecot/ssl/
     drwxr-xr-x 1 root root 24 Feb 27 09:55 /etc/dovecot/ssl/

     # ls -l /etc/dovecot/ssl/
     total 0
     drwxr-xr-x 1 root root 204 Feb 27 09:55 certs
     drwxr-xr-x 1 root root 116 Feb 27 09:55 private

     # ls -l /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem
     -r--r--r-- 1 dovecot dovecot 11627 Feb 27 09:55
     /etc/dovecot/ssl/certs/wildcard.idmz.tachtler.net.chain.pem

     # ls -l /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem
     -r-------- 1 dovecot dovecot 1703 Feb 27 09:55
     /etc/dovecot/ssl/private/wildcard.idmz.tachtler.net.key.pem

 Thank you,

 Klaus.

 On 4/2/26 14:07, Timo Sirainen wrote:

   On 2. Apr 2026, at 15.03, Klaus Tachtler &lt;klaus@tachtler.net> wrote:

     Hi Timo,

     now I have:

     service auth {
      executable = /usr/bin/strace -D -o /tmp/auth.strace -s 100
     /usr/lib/dovecot/auth
      group = vmail
      user = vmail
      inet_listener auth {
        port = 12345
        listen = 10.0.0.80 fd00::10:10:0:0:80
      }
     }

     The problem is, no strace file will be written?

     # ls -l /tmp/auth.strace
     ls: cannot access '/tmp/auth.strace': No such file or directory

   With systemd the /tmp directory is actually under
   /tmp/systemd-something/. Try find /tmp -name auth.strace or use some
   other directory than /tmp.

 --

 ---------------------------------------
 e-Mail  : [1]klaus@tachtler.net
 Homepage: [2]https://www.tachtler.net
 DokuWiki: [3]https://dokuwiki.tachtler.net
 ---------------------------------------
References
Visible links

mailto:klaus@tachtler.net
https://www.tachtler.net/
https://dokuwiki.tachtler.net/

Re: BUG-Report: mysql: SSL support not compiled in (remove ssl_client_ca_file and ssl_client_ca_dir settings) third attempt!

Timo Sirainen

ls -l /tmp/auth.strace

e-Mail : klaus@tachtler.net <mailto:klaus@tachtler.net> Homepage: https://www.tachtler.net <https://www.tachtler.net/> DokuWiki: https://dokuwiki.tachtler.net <https://dokuwiki.tachtler.net/>