Right, that technically just works of course.
Giving every user on the system access to the anvil service seems like a
proper bad idea to me though.
The better workaround would be to give just the group of the lmtp process
access to the socket like
service anvil {
  unix_listener anvil {
    group = vmail
    mode = 0660
  }
}
Since there is clear intent in the code to avoid this problem I would
maintain that this is a bug and ideally should be fixed there.
Cheers,
Felix
On 01.10.25 10:25, Aki Tuomi wrote:
> Or just
>
> service anvil {
>   unix_listener anvil {
>     mode = 0666
>   }
> }
>
> Aki
>
> On 01/10/2025 11:16 EEST Zakaria via dovecot <[email protected]> wrote:
>> I think you can fix this using systemd service. Post Start run script
>> that adjusts anvil file, in /var/run, chmod to 666.
>>
>> Zak.
>>
>> On 2025-09-30 22:02, Felix Geyer via dovecot wrote:
>>>> I think this bug is back in dovecot 2.4.1.
>>>> I'm getting:-
>>>> lmtp(15118): Error: conn unix:/run/dovecot/anvil: net_connect_unix(/run/dovecot/anvil) failed: Permission denied
>>>
>>> I get the same error with Dovecot 2.4.1.
>>> This is caused by running lmtp as non-root, i.e. with a configuration like
>>>
>>> service lmtp {
>>>   user = vmail
>>> }
>>>
>>> src/lmtp/lmtp-commands.c client_default_cmd_mail() has this code:
>>>
>>> /* Connect to anvil before dropping privileges */
>>> lmtp_anvil_init();
>>>
>>> However if I got this right
>>>
>>> a) This code is called after dropping privileges, so would not have the permissions.
>>> b) It doesn't actually connect to the anvil socket since lmtp_anvil_init() doesn't call anvil_client_connect()
>>>
>>> Adding lmtp_anvil_init(); anvil_client_connect() calls in src/lmtp/main.c main() before drop_privileges() fixes the error but I don't know if that's the right approach.
>>>
>>> Cheers,
>>> Felix
_______________________________________________
dovecot mailing list -- [email protected]
To unsubscribe send an email to [email protected]
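
An added example, not part of the thread or of Dovecot's code: a Python check for the trade-off discussed above between mode = 0666 and group = vmail with mode = 0660 on the anvil listener. The function names and the temporary socket standing in for /run/dovecot/anvil are assumptions made for illustration; the check relies on Linux requiring write permission on a unix socket file in order to connect to it.

```python
import os
import socket
import stat
import tempfile


def may_connect(st, uid, gids):
    """Model the permission check: connecting needs write access to the socket file."""
    mode = stat.S_IMODE(st.st_mode)
    if uid == 0:
        return True  # root bypasses file permission bits
    if uid == st.st_uid:
        return bool(mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_listener(path, expected_gid):
    """Return findings for a unix listener that should be reachable by one group only."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a unix socket"]
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if mode & stat.S_IWOTH:
        findings.append(f"mode {mode:04o}: any local user can connect")
    if not mode & stat.S_IWGRP:
        findings.append(f"mode {mode:04o}: group has no write access")
    elif st.st_gid != expected_gid:
        findings.append(f"group is gid {st.st_gid}, expected {expected_gid}")
    return findings


def make_sample_socket(mode):
    """Constructed stand-in for /run/dovecot/anvil: a bound unix socket in a temp dir."""
    path = os.path.join(tempfile.mkdtemp(), "anvil")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, mode)
    return srv, path


if __name__ == "__main__":
    for mode in (0o600, 0o666, 0o660):
        srv, path = make_sample_socket(mode)
        st = os.stat(path)
        stranger = may_connect(st, st.st_uid + 1, {st.st_gid + 1})  # unrelated local user
        print(f"{mode:04o} stranger={stranger}", audit_listener(path, st.st_gid) or "ok")
        srv.close()
```

On a real host, pass the path of the anvil socket and the gid of the lmtp service's group; permissions on the parent directory are not checked here.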