Re: /var/run/dovecot permission issues

17 Aug 2017

      In /usr/local/etc/dovecot/conf.d/90-plugin.conf:
service stats {
chroot = empty
client_limit = 0
drop_priv_before_exec = no
executable = stats
extra_groups =
fifo_listener stats-mail {
group =
mode = 0666
user =
}
fifo_listener stats-user {
group =
mode = 0666
user =
}
group =
idle_kill = 4294967295 secs
privileged_group =
process_limit = 1
process_min_avail = 0
protocol =
service_count = 0
type =
unix_listener stats {
group =
mode = 0666
user =
}
user = $default_internal_user
vsz_limit = 18446744073709551615 B
}
--
Larry Rosenman                     http://www.lerctr.org/~ler
Phone: +1 214-642-9640                 E-Mail: larryrtx@gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
On 8/17/17, 11:04 AM, "dovecot on behalf of Matt Simpson"  wrote:
> On Aug 17, 2017, at 9:19 AM, Matt Simpson <dclist@list.jmatt.net> wrote:
> 
> I have an issue that surfaced when I tried to start using the new metrics service, but it looks like it may be a more generic issue.
> 

When I took a closer look at this, it might be a problem with the FreeBSD packaging of dovecot, and not in dovecot itself.

I’m running FreeBSD 11, and installed dovecot as a package using standard FreeBSD package utilities.   The install process creates a start/stop script, and that script is creating the /var/run/dovecot directory at startup and removing it at shutdown. 

The command which creates the directory is

/usr/bin/install -o root -g wheel -m 0755 -d ${base_dir}

which apparently just creates a directory with the specified owner and group.

At this point, I’m a little confused about the best way to proceed.  Any other FreeBSD dovecot users here?  Currently, it looks like the startup script is creating /var/run/dovecot, owned by root.  Then dovecot creates /var/run/dovecot/stats-mail, also owned by root.  I could possibly alter the startup script to create /var/run/dovecot owned by dovecot instead of root, but I don’t think that will change the ownership of stats-mail, which seems to be created by dovecot running as root, and then attempted to write by dovecot running as a different user.  Does anybody know what’s going on here?