Re: /var/run/dovecot permission issues

2017-08-18 Thread Bill Shirley

I'm glad to read this thread.  I didn't even know that dovecot stats existed.

Which statistics do you find most useful?

Bill

On 8/17/2017 3:31 PM, Matt Simpson wrote:

> On Aug 17, 2017, at 12:07 PM, Larry Rosenman  wrote:
>
>> In /usr/local/etc/dovecot/conf.d/90-plugin.conf:
>
> Thanks.  Those config statements fixed the problem.


Re: /var/run/dovecot permission issues

2017-08-18 Thread Alexander Moisseev

On 8/17/2017 7:07 PM, Larry Rosenman wrote:

> In /usr/local/etc/dovecot/conf.d/90-plugin.conf:



It should be enough to just set permissions as other options are defaults.

/usr/local/etc/dovecot/conf.d/10-master.conf :

service stats {
  fifo_listener stats-mail {
    mode = 0666
  }
  fifo_listener stats-user {
    mode = 0666
  }
  unix_listener stats {
    mode = 0666
  }
}

BTW I'm not sure if write permissions on 'stats-user' and 'stats' listeners are 
required for the metrics service.
At least I have no evidence that Dovecot ever tried to write to those listeners.
Probably it is enough to set write permissions on 'stats-mail'.
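
Added example, not part of the original thread: a small Python check that applies the classic Unix owner/group/other rules to `ls -l` rows, showing why a non-root mail process is denied on a root-owned 0600 FIFO and which listeners become writable by every local account at 0666. The sample rows are constructed to mirror the stats listeners in this thread, and the account name `mailuser` is hypothetical.

```python
import stat

# Constructed sample in `ls -l` form: the three stats listeners as first
# created (0600, root-owned) and stats-mail after the 0666 change.
SAMPLE = """\
total 0
prw-------  1 root  wheel  0 Aug 17 09:05 stats-mail
prw-------  1 root  wheel  0 Aug 17 09:05 stats-user
srw-------  1 root  wheel  0 Aug 17 09:05 stats
prw-rw-rw-  1 root  wheel  0 Aug 17 09:06 stats-mail
"""

def parse(listing):
    """Turn ls -l rows into dicts: type, permission bits, owner, group, name."""
    rows = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or len(f[0]) != 10:
            continue  # skip "total N" and malformed rows
        bits = 0
        for i, ch in enumerate(f[0][1:]):
            if ch not in "-ST":  # S/T mean a special bit without execute
                bits |= 1 << (8 - i)
        rows.append({"type": f[0][0], "mode": bits,
                     "owner": f[2], "group": f[3], "name": f[8]})
    return rows

def can_write(entry, user, groups=()):
    """Owner class, else group class, else other; root bypasses the check.
    ACLs and MAC policies are not modelled."""
    if user == "root":
        return True
    if user == entry["owner"]:
        return bool(entry["mode"] & stat.S_IWUSR)
    if entry["group"] in groups:
        return bool(entry["mode"] & stat.S_IWGRP)
    return bool(entry["mode"] & stat.S_IWOTH)

def world_writable(entries):
    """Names of FIFOs and sockets that any local account can write to."""
    return [e["name"] for e in entries
            if e["type"] in "ps" and e["mode"] & stat.S_IWOTH]

if __name__ == "__main__":
    entries = parse(SAMPLE)
    for e in entries:
        # "mailuser" is a hypothetical unprivileged account
        print(e["name"], oct(e["mode"]), can_write(e, "mailuser", ("mailuser",)))
    print("world-writable:", world_writable(entries))
```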


Re: /var/run/dovecot permission issues

2017-08-17 Thread Matt Simpson

> On Aug 17, 2017, at 12:07 PM, Larry Rosenman  wrote:
> 
> In /usr/local/etc/dovecot/conf.d/90-plugin.conf:

Thanks.  Those config statements fixed the problem.


Re: /var/run/dovecot permission issues

2017-08-17 Thread Larry Rosenman
In /usr/local/etc/dovecot/conf.d/90-plugin.conf:

service stats {
  chroot = empty
  client_limit = 0
  drop_priv_before_exec = no
  executable = stats
  extra_groups =
  fifo_listener stats-mail {
    group =
    mode = 0666
    user =
  }
  fifo_listener stats-user {
    group =
    mode = 0666
    user =
  }
  group =
  idle_kill = 4294967295 secs
  privileged_group =
  process_limit = 1
  process_min_avail = 0
  protocol =
  service_count = 0
  type =
  unix_listener stats {
    group =
    mode = 0666
    user =
  }
  user = $default_internal_user
  vsz_limit = 18446744073709551615 B
}



-- 
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: larry...@gmail.com
US Mail: 5708 Sabbia Drive, Round Rock, TX 78665-2106
 

On 8/17/17, 11:04 AM, "dovecot on behalf of Matt Simpson" 
 wrote:


> On Aug 17, 2017, at 9:19 AM, Matt Simpson  wrote:
> 
> I have an issue that surfaced when I tried to start using the new metrics 
> service, but it looks like it may be a more generic issue.
> 

When I took a closer look at this, it might be a problem with the FreeBSD 
packaging of dovecot, and not in dovecot itself.

I’m running FreeBSD 11, and installed dovecot as a package using standard 
FreeBSD package utilities.   The install process creates a start/stop script, 
and that script is creating the /var/run/dovecot directory at startup and 
removing it at shutdown. 

The command which creates the directory is

/usr/bin/install -o root -g wheel -m 0755 -d ${base_dir}

which apparently just creates a directory with the specified owner and 
group.

At this point, I’m a little confused about the best way to proceed.  Any 
other FreeBSD dovecot users here?  Currently, it looks like the startup script 
is creating /var/run/dovecot, owned by root.  Then dovecot creates 
/var/run/dovecot/stats-mail, also owned by root.  I could possibly alter the 
startup script to create /var/run/dovecot owned by dovecot instead of root, but 
I don’t think that will change the ownership of stats-mail, which seems to be 
created by dovecot running as root, and then attempted to write by dovecot 
running as a different user.  Does anybody know what’s going on here?



Re: /var/run/dovecot permission issues

2017-08-17 Thread Matt Simpson

> On Aug 17, 2017, at 9:19 AM, Matt Simpson  wrote:
> 
> I have an issue that surfaced when I tried to start using the new metrics 
> service, but it looks like it may be a more generic issue.
> 

When I took a closer look at this, it might be a problem with the FreeBSD 
packaging of dovecot, and not in dovecot itself.

I’m running FreeBSD 11, and installed dovecot as a package using standard 
FreeBSD package utilities.   The install process creates a start/stop script, 
and that script is creating the /var/run/dovecot directory at startup and 
removing it at shutdown. 

The command which creates the directory is

/usr/bin/install -o root -g wheel -m 0755 -d ${base_dir}

which apparently just creates a directory with the specified owner and group.

At this point, I’m a little confused about the best way to proceed.  Any other 
FreeBSD dovecot users here?  Currently, it looks like the startup script is 
creating /var/run/dovecot, owned by root.  Then dovecot creates 
/var/run/dovecot/stats-mail, also owned by root.  I could possibly alter the 
startup script to create /var/run/dovecot owned by dovecot instead of root, but 
I don’t think that will change the ownership of stats-mail, which seems to be 
created by dovecot running as root, and then attempted to write by dovecot 
running as a different user.  Does anybody know what’s going on here?


/var/run/dovecot permission issues

2017-08-17 Thread Matt Simpson
I have an issue that surfaced when I tried to start using the new metrics 
service, but it looks like it may be a more generic issue.

When I enabled stats and started dovecot, I got the following error in the log:

 Error: stats: open(/var/run/dovecot/stats-mail) failed: Permission denied

/var/run/dovecot/stats-mail did not exist.  /var/run/dovecot/ existed, owned by 
root, which apparently was preventing dovecot from creating stats-mail.  On 
advice from  another list subscriber, I changed the ownership of 
/var/run/dovecot to the dovecot user.  This doesn’t help.

Apparently /var/run/dovecot is deleted by dovecot when it shuts down, and 
recreated, with root ownership, when it restarts.  stats-mail is created, with 
root ownership. Is there something I need to change to prevent dovecot from 
creating this directory owned by root?  I was unaware of any problems before 
trying to  enable stats, but the ownership of files in that directory is a 
mixed bag

 $ ls -l /var/run/dovecot
total 20
srw-------  1 root     wheel      0 Aug 17 09:05 anvil
srw-------  1 root     wheel      0 Aug 17 09:05 anvil-auth-penalty
srw-------  1 dovecot  wheel      0 Aug 17 09:05 auth-client
srw-------  1 dovecot  wheel      0 Aug 17 09:05 auth-login
srw-rw----  1 alias    qnofiles   0 Aug 17 09:05 auth-master
-rw-------  1 root     wheel     32 Aug 17 09:05 auth-token-secret.dat
srw-rw-rw-  1 dovecot  wheel      0 Aug 17 09:05 auth-userdb
srw-------  1 dovecot  wheel      0 Aug 17 09:05 auth-worker
srw-------  1 root     wheel      0 Aug 17 09:05 config
srw-------  1 root     wheel      0 Aug 17 09:05 dict
srw-------  1 root     wheel      0 Aug 17 09:05 dict-async
srw-------  1 root     wheel      0 Aug 17 09:05 director-admin
srw-rw-rw-  1 root     wheel      0 Aug 17 09:05 dns-client
srw-------  1 root     wheel      0 Aug 17 09:05 doveadm-server
lrwx------  1 root     wheel     35 Aug 17 09:05 dovecot.conf -> /usr/local/etc/dovecot/dovecot.conf
drwxr-xr-x  2 root     wheel    512 Aug 17 09:05 empty
srw-------  1 root     wheel      0 Aug 17 09:05 imap-hibernate
srw-------  1 root     wheel      0 Aug 17 09:05 imap-master
srw-rw-rw-  1 root     wheel      0 Aug 17 09:05 imap-urlauth
srw-------  1 dovecot  wheel      0 Aug 17 09:05 imap-urlauth-worker
srw-rw-rw-  1 root     wheel      0 Aug 17 09:05 indexer
srw-------  1 dovecot  wheel      0 Aug 17 09:05 indexer-worker
srw-------  1 root     wheel      0 Aug 17 09:05 ipc
srw-------  1 root     wheel      0 Aug 17 09:05 log-errors
drwxr-x---  2 root     dovenull 512 Aug 17 09:05 login
srw-------  1 root     wheel      0 Aug 17 09:05 master
-rw-------  1 root     wheel      6 Aug 17 09:05 master.pid
srw-------  1 root     wheel      0 Aug 17 09:05 replication-notify
prw-------  1 root     wheel      0 Aug 17 09:05 replication-notify-fifo
srw-------  1 dovecot  wheel      0 Aug 17 09:05 replicator
srw-rw-rw-  1 root     wheel      0 Aug 17 09:05 ssl-params
srw-------  1 root     wheel      0 Aug 17 09:05 stats
prw-------  1 root     wheel      0 Aug 17 09:05 stats-mail
prw-------  1 root     wheel      0 Aug 17 09:05 stats-user
drwxr-x---  2 root     dovenull 512 Aug 17 09:05 token-login

$ doveconf -n
# 2.2.31 (65cde28): /usr/local/etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: FreeBSD 11.0-RELEASE-p9 amd64
auth_stats = yes
auth_verbose = yes
default_vsz_limit = 128 M
lock_method = flock
mail_location = maildir:~/Maildir
mail_plugins = " stats"
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character 
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave duplicate 
mime foreverypart extracttext vnd.dovecot.pipe vnd.dovecot.execute
namespace inbox {
  inbox = yes
  location =
  prefix =
}
passdb {
  args = imap
  driver = pam
}
plugin {
  recipient_delimiter = -
  sieve = file:~/sieve;active=~/.dovecot.sieve
  sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve-pipe
  sieve_extensions = +vnd.dovecot.pipe +vnd.dovecot.execute
  sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve-pipe
  sieve_pipe_exec_timeout = 10s
  sieve_plugins = sieve_extprograms
  stats_refresh = 30s
}
protocols = imap
service auth {
  unix_listener auth-master {
    group = qnofiles
    mode = 0660
    user = alias
  }
  user = root
}
service imap-login {
  process_min_avail = 3
  vsz_limit = 94 M
}
ssl_cert =