Am 19.05.24 um 04:02 schrieb Peter via dovecot:
Check the permissions of the entire path, as dovecot:
namei -l /var/log/dovecot/error.log
It might be selinux, check your audit.log file, or set selinux to permissive
mode and see if it works:
setenforce 0
This can't be the case, there is no SELinux present by default in Debian and it
was never installed on that server. For completeness, here's the output:
namei -l /var/log/dovecot/error.log
f: /var/log/dovecot/error.log
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root log
drw-rw-r-- dovecot dovecot dovecot
-rw-r--r-- dovecot dovecot error.log
It might also be apparmour (sorry don't have instructions for apparmour).
The message basically means that something is preventing the dovecot user from
writing to the file, you need to figure out what that is.
Peter
I can say that this isn't possible, as any AppArmor actions would be logged, so
they would have showed up. And by the files sizes, Dovecot is clearly writing
to them.
-rw-r--r-- 1 dovecot dovecot 0 13. Mai 20:50 debug.log
-rw-r--r-- 1 dovecot dovecot 37K 14. Mai 14:05 error.log
-rw-r--r-- 1 dovecot dovecot 40K 13. Mai 21:20 info.log
So there's pretty much no possibility AppArmor could have any involvement here. Also,
usually when AppArmor prevents access to a directory, you'd get a "file not
found" error, not a permission denied.
For the very unlikely case that AppArmor is the cause, these are the only rules
present for dovecot:
Dovecot has two files. In tunables you can find this:
# @{DOVECOT_MAILSTORE} is a space-separated list of all directories
# where dovecot is allowed to store and read mails
#
# The default value is quite broad to avoid breaking existing setups.
# Please change @{DOVECOT_MAILSTORE} to (only) contain the directory
# you use, and remove everything else.
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ @{HOME}/mail/ @{HOME}/Mail/
/var/vmail/ /var/mail/ /var/spool/mail
Which doesn't seem to be relevant for this. No idea how dovecot can put the
mail into /maildirs/username, but since that's working I'm not complaining.
The file in abstractions only contains this:
# used with dovecot/*
abi <abi/3.0>,
capability setgid,
deny capability block_suspend,
# dovecot's master can send us signals
signal receive peer=dovecot,
owner @{run}/dovecot/config rw,
# Include additions to the abstraction
include if exists <abstractions/dovecot-common.d>
Richard
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
