[Dovecot] Mail root to root and permissions problem

/dev/rob0 rob0 at gmx.co.uk
Tue Dec 15 20:49:40 EET 2009


On Tue, Dec 15, 2009 at 02:11:28PM +0100, Benny Pedersen wrote:
> On tir 15 dec 2009 11:41:41 CET, Steffen Kaiser wrote
> >On Tue, 15 Dec 2009, Antonello Onida wrote:
> >><error>
> >>ex: from root@*     to root@*.
> >>Command output: Can't open log file /var/log/dovecot.log: Permission denied
> >></error>
> >>Operations like "dovecot: 2009-12-15 11:17:24 Warning: Killed
> >>with signal 15" are written.
> >>It's a permission problem: dovecot.log is owned by "root" and
> >>grouped by "adm" (chmodded 640).
> >
> >At first shot (if you would always get the error), I would say,
> >you use system users and those users must not write to the log
> >file.
> >
> >Add write-permission for all (chmod a+w) or reconfigure Dovecot to
> >let deliver use syslog:
> >
> >protocol lda {
> >  ...
> >   # Log to syslog
> >  log_path =
> >  info_log_path =
> >  syslog_facility = mail
> >}
> 
> or more simple :)
> 
> mkdir -p /var/log/dovecot
> chown dovecot /var/log/dovecot
> # chgrp mail /var/log/dovecot
> configure global dovecot to use logdir as /var/log/dovecot
> 
> rule to remember is permissions got the parent permissions, and this
> is why it fails above
> 
> please correct me if i am wrong

I think you might be. The OP has not presented complete information,
but my guess is that deliver(1) is being invoked by postfix/local(8),
which refuses to run processes as root. Instead, $default_privs (see
postconf(5)) is used. root should be aliased to a non-root user.

I'm not clear on why other mail is apparently able to open and write
the Dovecot log, but I'm pretty sure that the syslog approach would
work. So would a+w, ugly though it is.

I'm not sure about your idea. Yes, *if* deliver runs as dovecot:mail
it should work. But lacking information, we don't really know. My
advice to OP:

  1. Check aliases(5), ensure that "root: youruser@localhost" is
     present. (Also assumes that localhost, localhost.$mydomain are
     both listed in $mydestination and that "youruser" is a valid
     system account.)
  2. Using syslog is a good idea anyway, rather than having each
     deliver open, lock, and write the logfile.
  3. If problem persists, complete "postconf -n ; dovecot -n"
     output and all logging (non-verbose) for a single delivery
     should be provided, so we don't have to guess.
-- 
    Offlist mail to this address is discarded unless
    "/dev/rob0" or "not-spam" is in Subject: header
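
Added example, not part of the original message: a Python sketch that follows aliases(5) entries for root, maps the final recipient to the account a delivery command runs as, and applies the Unix write check to the 0640 root:adm log from the thread. It assumes deliver is run by postfix/local(8) as the recipient, that $default_privs is "nobody", and that the group memberships shown are constructed sample data; all function names are hypothetical.

```python
import stat

def parse_aliases(text):
    """Parse aliases(5): 'name: v1, v2', '#' comment lines, indented continuations."""
    table, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        if raw[0] in " \t" and last:  # continuation of the previous entry
            table[last] += [v.strip() for v in raw.split(",") if v.strip()]
            continue
        name, _, rhs = raw.partition(":")
        last = name.strip().lower()
        table[last] = [v.strip() for v in rhs.split(",") if v.strip()]
    return table

def resolve(name, table, local_domains=("localhost",), path=frozenset()):
    """Follow alias chains and return the set of final recipients."""
    user, _, domain = name.lower().partition("@")
    if domain and domain not in local_domains:
        return {name}  # remote address, not delivered locally
    if user in path or user not in table:
        return {user}  # alias loop, or a plain local account
    out = set()
    for target in table[user]:
        out |= resolve(target, table, local_domains, path | {user})
    return out

def can_write(mode, owner, group, user, user_groups):
    """Unix check for a non-root user: owner bits, else group bits, else other."""
    if user == owner:
        return bool(mode & stat.S_IWUSR)
    if group in user_groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)

def root_mail_log_access(aliases_text, mode, owner, group, groups_of,
                         default_privs="nobody"):
    """Map each account a root-addressed delivery runs as to 'can write the log'."""
    result = {}
    for rcpt in resolve("root", parse_aliases(aliases_text)):
        # local(8) refuses to run commands as root and uses $default_privs.
        user = default_privs if rcpt == "root" else rcpt
        result[user] = can_write(mode, owner, group, user, groups_of.get(user, ()))
    return result

# Constructed sample input; mode 0640 root:adm is the log described in the thread.
GROUPS = {"nobody": ("nogroup",), "youruser": ("youruser",)}
LOG = dict(mode=0o640, owner="root", group="adm", groups_of=GROUPS)

if __name__ == "__main__":
    print(root_mail_log_access("postmaster: root\n", **LOG))
    print(root_mail_log_access("root: youruser@localhost\n", **LOG))
```

Under these assumptions both runs report that the log cannot be opened for writing: aliasing root changes which account deliver runs as, but a 0640 root:adm file still rejects any account outside adm, which is where the syslog setting comes in.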

