Permissions for dovecot logging
Aki Tuomi
aki.tuomi at open-xchange.com
Wed Dec 28 07:27:31 UTC 2022
> On 28/12/2022 01:19 EET James Moe <moe.james at sma-inc.us> wrote:
>
>
> dovecot 2.3.15
> opensuse LEAP 15.4
>
> I changed logging to use a path rather than syslog. Doing so makes it easier
> to work with fail2ban.
> Dovecot fails to start with the error:
> Can't open log file /data01/var/log/dovecot.log: Permission denied
>
> Permissions:
> drwxrwxr-x 1 root users 104 Feb 25 2018 /data01/
> drwxrwxr-x 1 sma-user3x users 102 Dec 17 14:50 /data01/var/
> drwxrwxr-x 1 sma-user3x users 146 Dec 27 15:37 /data01/var/log/
> drwxrwxr-x 1 dovecot users 22 Dec 27 15:47 /data01/var/log/dovecot/
>
> "dovecot" is a member of "users".
>
> What "permission" am I missing?
>
> Note: A long time ago I had a problem with programs consuming all available
> space on the system disk with log or backup files. I have since gotten in the
> habit of putting log files on a non-system disk.
>
> --
> James Moe
> moe dot james at sohnen-moe dot com
> 520.743.3936
> Think.
Hi!
Dovecot drops all extra group memberships from processes when spawning them unless told otherwise. The `log` service runs by default as root, not as dovecot. If data01 is an NFS mount, then root may become squashed.
If you want to run log as `dovecot`, you can do so with
```
service log {
  user = dovecot
}
```
Aki
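An added example, not part of the original message and not Dovecot code: a small model of the classic owner/group/other mode check, run over the directory listing quoted above, showing which credentials can create a file in /data01/var/log/. The numeric uids and gids, and the assumption that the dovecot user's primary group is named "dovecot", are constructed placeholders; ACLs and capabilities are ignored.

```python
# Constructed from the listing in the post; numeric ids are assumed placeholders.
UID = {"root": 0, "sma-user3x": 1000, "dovecot": 497, "nobody": 65534}
GID = {"users": 100, "dovecot": 497, "nobody": 65534}
DIRS = [  # (path, mode, owner, group) for each ancestor of the log file
    ("/data01", 0o775, "root", "users"),
    ("/data01/var", 0o775, "sma-user3x", "users"),
    ("/data01/var/log", 0o775, "sma-user3x", "users"),
]

def perm_bits(mode, owner_uid, group_gid, uid, gids):
    """Return the rwx triplet (0-7) that applies to this credential."""
    if uid == owner_uid:          # owner class wins even if group grants more
        return (mode >> 6) & 7
    if group_gid in gids:         # gids = primary plus any supplementary groups
        return (mode >> 3) & 7
    return mode & 7               # everyone else

def can_create_log(dirs, uid, gids):
    """Return (allowed, blocking_path) for creating a file in the last directory."""
    if uid == 0:                  # unsquashed root bypasses mode checks
        return True, None
    for i, (path, mode, owner, group) in enumerate(dirs):
        # search (x) on every ancestor, write+search (wx) on the parent directory
        need = 0o3 if i == len(dirs) - 1 else 0o1
        if perm_bits(mode, UID[owner], GID[group], uid, gids) & need != need:
            return False, path
    return True, None

CASES = {
    "dovecot with supplementary group users": (UID["dovecot"], {GID["dovecot"], GID["users"]}),
    "dovecot with primary group only": (UID["dovecot"], {GID["dovecot"]}),
    "root on a local filesystem": (0, {0}),
    "root squashed to nobody on NFS": (UID["nobody"], {GID["nobody"]}),
}

if __name__ == "__main__":
    for name, (uid, gids) in CASES.items():
        ok, blocked = can_create_log(DIRS, uid, gids)
        print(f"{name:40} {'ok' if ok else 'denied at ' + blocked}")
```

With supplementary groups dropped, or with root squashed, the process falls into the "other" class on /data01/var/log/, which has no write bit.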