[Dovecot] dovecot -n FATAL

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 6 Feb 2014, Phil wrote:

> Im new to postfix-dovecot

and Unix/Linux, too?

>                           and im mystified by the following results in ubuntu 
> 10.04lts
>
> :~$ dovecot -n
> # 1.2.9: /etc/dovecot/dovecot.conf
> Error: ssl_key_file: Can't use /etc/ssl/private/ssl-mail.key: Permission 
> denied
> Fatal: Invalid configuration in /etc/dovecot/dovecot.conf
>
> ~$ sudo ls -dl /etc/ssl/private/ssl-mail.key
> lrwxrwxrwx 1 root root 38 2013-11-27 08:35 /etc/ssl/private/ssl-mail.key -> 
> /etc/ssl/private/ssl-cert-snakeoil.key

You show us the symbolic link, which has all Unix permissions usually. The 
interessting file is the final target, e.g. 
/etc/ssl/private/ssl-cert-snakeoil.key if that is no symlink as well, and 
the permissions of all directories to it.

For instance, Debian uses the perms for the private dir:

drwx--x--- 2 root ssl-cert 4096 Jul  4  2012 /etc/ssl/private/

I think it looks the same on your Ubuntu machine. So add
the Dovecot user to group ssl-cert to let it enter the directory
at all. The Snakeoil key is usually group-readable for ssl-cert, too.
So no change of permissions necessary there as well.

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBUvM4j3D1/YhP6VMHAQI+Lwf+Omv0MmhRC1Cu/bddxt1rbubrlWEV1s9u
PjqHWj09scGsdZnPASq6ZpTr2LrQXOoGDFrZou3D8vQ1tz3urXBB+jcXJKCJVKQb
Ig8bt/IXXDRhMj2PANGkRMGg/y2kD/xnokqUv49ixrLTwoTh4JtE9p4AQY+CDuYD
bJJnyuMVHIsTPQ/VupTM7wneGlJ6HoDMF66JtyOeL1Y9X9YObhOvxSOPONfIhkKW
bDtYsuFi7nFdNUNObnYUXgxgihwwtzFVP0B/wRfM7j8G6cPNVA3jJ231rh8YfI/v
I1qIowj0/IeQPE7h+CuFB4a5+iqL8dT+vaoPxUbKROv44KFsrOlH5g==
=jr4s
-----END PGP SIGNATURE-----