[Dovecot] dovecot: auth(default): Can't open configuration file /etc/dovecot/dovecot-sql.conf: Permission denied
Hello,
I have been searching all day for help on an issue I am having after installing and just having begun to configure dovecot. Whenever I try to start the dovecot daemon I receive the following errors in the syslog:
Apr 4 13:15:03 ***** dovecot: auth(default): Can't open configuration file /etc/dovecot/dovecot-sql.conf: Permission denied Apr 4 13:15:03 *****dovecot: dovecot: Fatal: Auth process died too early - shutting down
Now, I have gone through the config file (see below) trying various settings for auth including running it as root and as vmail. I have tried a number of permutations for the permissions and ownership on the file specified above from 600 root -> 777 vmail and everything in between, yet always the same issue. If I rename the file and try to start dovecot it notices that the file is missing and gives an appropriate error. I cannot figure out how the permissions can be wrong on the file, I am starting to assume it is a problem elsewhere. (One other note, I was initially getting an error regarding the rawlog permissions, and just removed the rawlog part of the IMAP config to work around that).
---cut--- *****:~ # l /etc/dovecot/ total 160 drwxr-xr-x 2 root root 4096 Apr 4 14:18 ./ drwxr-xr-x 98 root root 12288 Apr 4 17:41 ../ -rw-r--r-- 1 root root 52110 Apr 4 14:18 dovecot.conf -rw-r--r-- 1 root root 51576 Mar 16 13:31 dovecot.conf~ -rw-r--r-- 1 root root 410 Feb 22 19:03 dovecot-db-example.conf -rw-r--r-- 1 root root 782 Feb 22 19:03 dovecot-dict-sql-example.conf -rw-r--r-- 1 root root 4986 Feb 22 19:03 dovecot-ldap-example.conf -rw-r--r-- 1 root root 5589 Apr 4 13:25 dovecot-sql.backup -rw------- 1 root root 5589 Mar 16 13:31 dovecot-sql.conf -rw-r--r-- 1 root root 5097 Feb 22 19:03 dovecot-sql-example.conf ---cut---
---cut--- *****:~ # dovecot -n # 1.2.16: /etc/dovecot/dovecot.conf Error: setmntent(/etc/mtab) failed: Permission denied # OS: Linux 2.6.37.1-1.2-desktop i686 log_timestamp: %Y-%m-%d %H:%M:%S protocols: imap imaps pop3 pop3s ssl: no disable_plaintext_auth: no login_dir: /var/run/dovecot/login login_executable(default): /usr/lib/dovecot/imap-login login_executable(imap): /usr/lib/dovecot/imap-login login_executable(pop3): /usr/lib/dovecot/pop3-login first_valid_uid: 5000 last_valid_uid: 5000 first_valid_gid: 5000 last_valid_gid: 5000 mail_location: maildir:/var/vmail/%d/%n/Maildir mail_executable(default): /usr/lib/dovecot/imap mail_executable(imap): /usr/lib/dovecot/imap mail_executable(pop3): /usr/lib/dovecot/rawlog /usr/lib/dovecot/pop3 mail_plugins(default): quota imap_quota mail_plugins(imap): quota imap_quota mail_plugins(pop3): quota mail_plugin_dir(default): /usr/lib/dovecot/modules/imap mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3 lda: postmaster_address: postmaster@example.com mail_plugins: sieve quota mail_plugin_dir: /usr/lib/dovecot/modules/lda auth_socket_path: /var/run/dovecot/auth-master auth default: mechanisms: plain login passdb: driver: pam passdb: driver: sql args: /etc/dovecot/dovecot-sql.conf userdb: driver: passwd userdb: driver: sql args: /etc/dovecot/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: vmail plugin: quota: maildir sieve: ~/.dovecot.sieve sieve_dir: ~/sieve ---cut---
I just noticed that setmntent error above, I havent seen that anywhere else previously. Any help would be _greatly_ appreciated.
Sincerely, Kevin M.
On 5.4.2011, at 1.16, Kevin P. McDonough wrote:
Apr 4 13:15:03 ***** dovecot: auth(default): Can't open configuration file /etc/dovecot/dovecot-sql.conf: Permission denied
This file is opened while dovecot-auth is still running as root. So I'm guessing you have SELinux or AppArmor or something similar enabled, which prevents this.
Error: setmntent(/etc/mtab) failed: Permission denied .. I just noticed that setmntent error above, I havent seen that anywhere else previously. Any help would be _greatly_ appreciated.
This can also only be explained by SELinux/AppArmor.
Hmm. I did see mention of SELinux in regards to other permissions errors but everything I was reading seemed to have less to do with configuration file read access and more with creation of sockets, etc and I didnt think about AppArmor. That sounds like a good place to start looking. Thank you for the lead, I will let you know what I find.
Kevin
On 04/05/2011 12:54 AM, Timo Sirainen wrote:
On 5.4.2011, at 1.16, Kevin P. McDonough wrote:
Apr 4 13:15:03 ***** dovecot: auth(default): Can't open configuration file /etc/dovecot/dovecot-sql.conf: Permission denied This file is opened while dovecot-auth is still running as root. So I'm guessing you have SELinux or AppArmor or something similar enabled, which prevents this.
Error: setmntent(/etc/mtab) failed: Permission denied .. I just noticed that setmntent error above, I havent seen that anywhere else previously. Any help would be _greatly_ appreciated. This can also only be explained by SELinux/AppArmor.
Yes, it was definitely AppArmor. Thank you for pointing me in that direction. I have never run into issues with OpenSuSE and AppArmor not being properly configured when installing packages using Yast so I didnt even think to look there.
Kevin M.
On 04/05/2011 12:54 AM, Timo Sirainen wrote:
On 5.4.2011, at 1.16, Kevin P. McDonough wrote:
Apr 4 13:15:03 ***** dovecot: auth(default): Can't open configuration file /etc/dovecot/dovecot-sql.conf: Permission denied This file is opened while dovecot-auth is still running as root. So I'm guessing you have SELinux or AppArmor or something similar enabled, which prevents this.
Error: setmntent(/etc/mtab) failed: Permission denied .. I just noticed that setmntent error above, I havent seen that anywhere else previously. Any help would be _greatly_ appreciated. This can also only be explained by SELinux/AppArmor.
participants (2)
-
Kevin P. McDonough
-
Timo Sirainen