ssl_cert: Can't open file permission denied
Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0
I am getting a weird error message:
Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied
I have tried the following:
- chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755)
- create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl
How can I fix this ? There's no obvious solution ?
On 10.4.2019 12.36, Laura Smith via dovecot wrote:
Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0
I am getting a weird error message:
Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied
I have tried the following:
- chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755)
- create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl
How can I fix this ? There's no obvious solution ?
Are you by chance using selinux? If you are, you might need to relabel the files.
Aki
On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot dovecot@dovecot.org wrote:
On 10.4.2019 12.36, Laura Smith via dovecot wrote:
Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0 I am getting a weird error message: Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied I have tried the following:
- chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755)
- create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl
How can I fix this ? There's no obvious solution ?
Are you by chance using selinux? If you are, you might need to relabel the files.
Aki
This is openSUSE, not Centos, I don't think it even comes with selinux.
Am 10.04.2019 um 11:59 schrieb Laura Smith via dovecot dovecot@dovecot.org:
On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot dovecot@dovecot.org wrote:
On 10.4.2019 12.36, Laura Smith via dovecot wrote:
Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0 I am getting a weird error message: Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied I have tried the following:
- chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755)
- create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl
How can I fix this ? There's no obvious solution ?
Are you by chance using selinux? If you are, you might need to relabel the files.
Aki
This is openSUSE, not Centos, I don't think it even comes with selinux.
Maybe apparmor?
https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071 https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071
OpenSuSE and apparmor expect dovecot certs to be in /etc/ssl/private ISPConfig setup script expects SSL certs to be in /etc/postfix but apparmor prevents dovecot from reading them in that directory
Otherwise you could login as dovecot user (temporarily change the shell to bash if needed; usermod -s /bin/bash) and see if you can access the certificate. Check all directory/file permissions, including acls (man getfacl), along the path.
Best regards Gerald
On Wednesday, April 10, 2019 11:40 AM, Gerald Galster via dovecot dovecot@dovecot.org wrote:
Am 10.04.2019 um 11:59 schrieb Laura Smith via dovecot dovecot@dovecot.org:
On Wednesday, April 10, 2019 10:52 AM, Aki Tuomi via dovecot dovecot@dovecot.org wrote:
On 10.4.2019 12.36, Laura Smith via dovecot wrote:
Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0 I am getting a weird error message: Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied I have tried the following:
How can I fix this ? There's no obvious solution ?
Are you by chance using selinux? If you are, you might need to relabel the files.
Aki
This is openSUSE, not Centos, I don't think it even comes with selinux.
Maybe apparmor?
https://git.ispconfig.org/ispconfig/ispconfig3/issues/5071
> OpenSuSE and apparmor expect dovecot certs to be in /etc/ssl/private > ISPConfig setup script expects SSL certs to be in /etc/postfix but apparmor prevents dovecot from reading them in that directory
Otherwise you could login as dovecot user (temporarily change the shell to bash if needed; usermod -s /bin/bash) and see if you can access the certificate. Check all directory/file permissions, including acls (man getfacl), along the path.
Best regards Gerald
@Gerald Spot on with apparmor !
chmod -R 655 /etc/foobar/ssl' drops x attribute from ssl' itself.
Use chmod -R 755' or chmod +x' or similar.
10.04.2019 12:36, Laura Smith via dovecot пишет:
Dovecot 2.3.3 (dcead646b) openSUSE Leap 15.0
I am getting a weird error message:
Fatal: Error in configuration file /etc/dovecot/local.conf line 16: ssl_cert: Can't open file /etc/foobar/ssl/certbot.pem: Permission denied
I have tried the following:
- chmod -R 655 /etc/foobar/ssl (/etc/foobar is 755)
- create "ssl_users" group add dovecot to it chown -R dovecot:ssl_users /etc/foobar/ssl
How can I fix this ? There's no obvious solution ?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Wednesday, April 10, 2019 1:08 PM, Michael Orlitzky via dovecot dovecot@dovecot.org wrote:
On 4/10/19 6:39 AM, Dmitry Donskih via dovecot wrote:
chmod -R 655 /etc/foobar/ssl' drops x attribute fromssl' itself. Usechmod -R 755' orchmod +x' or similar.Your private keys should be... private. Use 750 instead.
You are teaching granny to suck eggs.
Sometimes granny needs to do troubleshooting (especially when neither Dovecot or the Operating System are generating any sort of useful log entries to help granny... it means granny needs to resort to real basics like file permissions and then work upwards).
participants (5)
-
Aki Tuomi
-
Dmitry Donskih
-
Gerald Galster
-
Laura Smith
-
Michael Orlitzky