chmod 775 /var/log/dovecot will solve the problem. Without execute permission
the process can't access the logfile.
On 19.05.24 12:25, Richard Rosner via dovecot <dovecot@dovecot.org> wrote:
Am 19.05.24 um 04:02 schrieb Peter via dovecot:
> Check the permissions of the entire path, as dovecot:
>
> namei -l /var/log/dovecot/error.log
>
> It might be selinux, check your audit.log file, or set selinux to
> permissive mode and see if it works:
>
> setenforce 0
This can't be the case, there is no SELinux present by default in Debian
and it was never installed on that server. For completeness, here's the
output:
namei -l /var/log/dovecot/error.log
f: /var/log/dovecot/error.log
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log
>
> It might also be apparmour (sorry don't have instructions for apparmour).
>
> The message basically means that something is preventing the dovecot
> user from writing to the file, you need to figure out what that is.
>
>
> Peter
I can say that this isn't possible, as any AppArmor actions would be
logged, so they would have showed up. And by the files sizes, Dovecot is
clearly writing to them.
-rw-r--r-- 1 dovecot dovecot 0 13. Mai 20:50 debug.log
-rw-r--r-- 1 dovecot dovecot 37K 14. Mai 14:05 error.log
-rw-r--r-- 1 dovecot dovecot 40K 13. Mai 21:20 info.log
So there's pretty much no possibility AppArmor could have any
involvement here. Also, usually when AppArmor prevents access to a
directory, you'd get a "file not found" error, not a permission denied.
For the very unlikely case that AppArmor is the cause, these are the
only rules present for dovecot:
Dovecot has two files. In tunables you can find this:
# @{DOVECOT_MAILSTORE} is a space-separated list of all directories
# where dovecot is allowed to store and read mails
#
# The default value is quite broad to avoid breaking existing setups.
# Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
# you use, and remove everything else.
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/
/var/vmail/ /var/mail/ /var/spool/mail
Which doesn't seem to be relevant for this. No idea how dovecot can put
the mail into /maildirs/username, but since that's working I'm not
complaining.
The file in abstractions only contains this:
# used with dovecot/*
abi <abi/3.0>,
capability setgid,
deny capability block_suspend,
# dovecot's master can send us signals
signal receive peer=dovecot,
owner @{run}/dovecot/config rw,
# Include additions to the abstraction
include if exists <abstractions/dovecot-common.d>
Richard
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org