Hi,
In trying to debug a strange error where a client can't log in, I enabled all the usual debug settings. This is all good, it works for imap and pop3 fine, but the problem is that when used with dovecot's LDA there is a nasty issue.
The file created by debug_log_path, in this case /var/log/dovecot/debug.log, is created as root. Again, this is fine for nice logging of imap and pop3, but this causes postfix not to deliver mail, for write permission denied. LDA runs as vmail, all my subsections like *_listener are also = vmail, and all my uid/gid settings are also set to user/group vmail.
Obviously you want main log files to not be owned by vmail for the sake of security, so is there a way to set the ownership of the debug file - apart from the obvious of remembering 40 minutes later, when you get an alert of high mailq level, to chown the file :)
If there is no way, may the developers take this as a feature request please. Thanks, Loz
On 01/06/2021 02:35 Laura Steynes <laura.steynes72@gmail.com> wrote:
> Hi,
> In trying to debug a strange error where a client can't log in, I enabled all the usual debug settings. This is all good, it works for imap and pop3 fine, but the problem is that when used with dovecot's LDA there is a nasty issue.
> The file created by debug_log_path, in this case /var/log/dovecot/debug.log, is created as root. Again, this is fine for nice logging of imap and pop3, but this causes postfix not to deliver mail, for write permission denied. LDA runs as vmail, all my subsections like *_listener are also = vmail, and all my uid/gid settings are also set to user/group vmail.
> Obviously you want main log files to not be owned by vmail for the sake of security, so is there a way to set the ownership of the debug file - apart from the obvious of remembering 40 minutes later, when you get an alert of high mailq level, to chown the file :)
> If there is no way, may the developers take this as a feature request please. Thanks, Loz
dovecot-lda should be using the log process to write logs, as I'm sure you are getting the non-debug kind of logs just fine from lda, right?
One way to work around this would be to use debug_log_path=syslog to write logs via the syslog socket.
Aki
Hi, yes, lda writes to deliver.log just fine. Will give type syslog a try; I was just hoping to put it into a debug file so that when we sort out the issue we can delete the file without losing correct metadata entries.
On Tue, Jun 1, 2021 at 3:26 PM Aki Tuomi <aki.tuomi@open-xchange.com> wrote:
> dovecot-lda should be using the log process to write logs, as I'm sure you are getting the non-debug kind of logs just fine from lda, right?
> One way to work around this would be to use debug_log_path=syslog to write logs via the syslog socket.
> Aki
Aki, using syslog works, but using the file does not. The exact error is in the deliver log (where lda writes to OK):
lda: Fatal: Can't open log file xxxxxxx: Permission denied
So the log file deliver.log is owned by vmail/vmail and the pop3 log by root/root; the debug file is created root/root but lda is the vmail user, so of course perm denied.
protocol lda is not told any user, just a path. I guess it gets its user perms from the entry in postfix master; when it gets its first entry to write, it then creates it as that user? That's what it appears, so we would need a way to set the username on the debug command. As pop3 logout is done as root, it will write anyway.
On Wed, Jun 2, 2021 at 12:56 PM Laura Steynes <laura.steynes72@gmail.com> wrote:
> Hi, yes, lda writes to deliver.log just fine. Will give type syslog a try; I was just hoping to put it into a debug file so that when we sort out the issue we can delete the file without losing correct metadata entries.
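As an added example (not part of the thread and not Dovecot code), these shell functions reproduce the owner/group/other decision behind the `Permission denied` error, so a log file can be checked before debug_log_path is pointed at it. The uid/gid 5000 for vmail and the 0600 mode are constructed sample values, GNU `stat -c` is assumed, and ACLs, supplementary groups and directory permissions are not considered.

```shell
#!/bin/sh
# Added example: would a delivery user be able to open an existing log file
# for writing? Classic owner/group/other mode bits only.

# mode_allows_write F_UID F_GID MODE UID GID
# MODE is the octal string printed by `stat -c %a`, e.g. 600 or 2660.
mode_allows_write() {
    f_uid=$1 f_gid=$2 mode=$3 uid=$4 gid=$5
    [ "$uid" -eq 0 ] && return 0              # root bypasses mode bits
    if [ "$uid" -eq "$f_uid" ]; then
        bits=$(( mode / 100 % 10 ))           # owner digit only
    elif [ "$gid" -eq "$f_gid" ]; then
        bits=$(( mode / 10 % 10 ))            # group digit only
    else
        bits=$(( mode % 10 ))                 # other digit
    fi
    [ $(( bits & 2 )) -ne 0 ]                 # is the write bit set?
}

# log_writable_by FILE UID GID: the same check against a real file.
# Returns 0 if writable, 1 if not, 2 if the file cannot be stat'ed.
log_writable_by() {
    meta=$(stat -c '%u %g %a' "$1") || return 2
    # Intentional word splitting of "uid gid mode" from stat.
    set -- $meta "$2" "$3"
    mode_allows_write "$@"
}

# Constructed scenario from the thread: the debug log was created root:root
# (mode 0600 assumed) and dovecot-lda runs as vmail (uid/gid 5000 assumed).
if mode_allows_write 0 0 600 5000 5000; then
    echo "vmail can write to the debug log"
else
    echo "vmail cannot write: lda would fail with 'Permission denied'"
fi
```

For a real check, call `log_writable_by /var/log/dovecot/debug.log "$(id -u vmail)" "$(id -g vmail)"` on the mail host.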