Change the default base_dir to /run from ${prefix}/var/run
Hello,
at 6b1bcf1bad1d7, calling
./configure && make install
sets prefix=/usr/local, and thus the default base_dir = /usr/local/var/run/dovecot. Moreover it installs /usr/lib/systemd/system/dovecot.service with [Service] ProtectSystem=full.
ProtectSystem=full mounts /usr as read-only, so no files can be written under the default base_dir.
The Linux Hierarchy Standard says for /usr/local - https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s09.html - directories bin, etc, games, include, lib, man, sbin, share, and src must be in /usr/local. No other directories, except those listed below, may be in /usr/local after first installing a FHS-compliant system.
var is not listed below. (“below” means the citation above, not the next paragraph)
For /var/run LHS contains - https://refspecs.linuxfoundation.org/FHS_3.0/fhs-3.0.html#varrunRuntimeVaria... - This directory was once intended for system information data describing the system since it was booted. These functions have been moved to /run; this directory exists to ensure compatibility with systems and software using an older version of this specification. In general, the requirements for /run shall also apply to /var/run. It is valid to implement /var/run as a symlink to /run.
For /run LHS mentions “This directory contains system information data describing the system since it was booted. Files under this directory must be cleared (removed or truncated as appropriate) at the beginning of the boot process.”
The defaults base_dir=/usr/local/var/run/dovecot and ProtectSystem=full present a non-working configuration.
• Please consider changing the default (implicit) value of base_dir to /run.
• When prefix is /usr/local, then dovecot.service should be installed in /usr/local/lib/systemd/system/.
Kind regards Дилян
Hello,
similarly the default state_dir = /usr/local/var/lib/dovecot is not compatible with the default ProtectSystem=full (⇔read-only /usr):
May 20 10:04:44 d dovecot[319843]: master: Dovecot v0.0.0-33124+6b1bcf1bad (6b1bcf1bad) starting up for imap, lmtp
May 20 10:04:44 d dovecot[319843]: master: Error: open(/usr/local/var/lib/dovecot/.temp.d.319843.4804e3352f1b5fd3) failed: Read-only file system
May 20 10:04:44 d systemd[1]: Started dovecot.service - Dovecot IMAP/POP3 email server.
May 20 10:04:44 d dovecot[319843]: master: Error: file_dotlock_open(/usr/local/var/lib/dovecot/instances) failed: Read-only file system
Greetings Дилян
-----Original Message-----
From: Дилян Палаузов dilyan.palauzov@bapha.be
To: dovecot dovecot@dovecot.org
Subject: Change the default base_dir to /run from ${prefix}/var/run
Date: 05/20/2024 08:26:30 AM
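The conflict reported in this thread can be checked before a service is started. The script below is an added example, not part of the original messages and not Dovecot or systemd code: it reads the ProtectSystem= value from a unit file and reports which of the given directories that value mounts read-only. The function names, the sample unit text and the /run/dovecot path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not Dovecot or systemd code): report directories that a unit's
# ProtectSystem= value mounts read-only. Exceptions such as ReadWritePaths= and
# RuntimeDirectory= are not modelled.

# Print the read-only prefix covering path $2 under ProtectSystem=$1; return 1 if none.
ro_prefix() {
    case "$1" in
        strict)  # everything is read-only except the API file systems
            case "$2" in /dev|/dev/*|/proc|/proc/*|/sys|/sys/*) return 1 ;; esac
            echo /; return 0 ;;
        full)          ro="/usr /boot /efi /etc" ;;
        yes|true|on|1) ro="/usr /boot /efi" ;;
        *)             return 1 ;;   # no/false/unset: nothing is remounted
    esac
    for p in $ro; do
        case "$2/" in "$p"/*) echo "$p"; return 0 ;; esac
    done
    return 1
}

# Print the last ProtectSystem= value assigned in unit file $1 (empty if absent).
unit_protect_system() {
    awk -F= '/^[ \t]*ProtectSystem[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
             END { print v }' "$1"
}

# check_dirs UNIT DIR...: print one CONFLICT line per affected DIR; return 1 if any.
check_dirs() {
    mode=$(unit_protect_system "$1"); shift
    rc=0
    for d in "$@"; do
        if hit=$(ro_prefix "$mode" "$d"); then
            echo "CONFLICT: $d is under read-only $hit (ProtectSystem=$mode)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample unit holding the setting quoted in this thread; the first two
# directories are the defaults from the thread, /run/dovecot is an assumed path.
sample=$(mktemp)
printf '[Service]\nProtectSystem=full\n' > "$sample"
check_dirs "$sample" /usr/local/var/run/dovecot /usr/local/var/lib/dovecot \
    /run/dovecot || true
rm -f "$sample"
```

Run against an installed unit, check_dirs takes the unit file path followed by the configured base_dir and state_dir.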