> On 28/12/2022 01:19 EET James Moe <moe.james at sma-inc.us> wrote: > > > dovecot 2.3.15 > opensuse LEAP 15.4 > > I changed logging to use a path rather than syslog. Doing so makes it easier > to work with fail2ban. > Dovecot fails to start with the error: > Can't open log file /data01/var/log/dovecot.log: Permission denied > > Permissions: > drwxrwxr-x 1 root users 104 Feb 25 2018 /data01/ > drwxrwxr-x 1 sma-user3x users 102 Dec 17 14:50 /data01/var/ > drwxrwxr-x 1 sma-user3x users 146 Dec 27 15:37 /data01/var/log/ > drwxrwxr-x 1 dovecot users 22 Dec 27 15:47 /data01/var/log/dovecot/ > > "dovecot" is a member of "users". > > What "permission" am I missing? > > Note: A long time ago I had a problem with programs consuming all available > space on the system disk with log or backup files. I have since gotten in the > habit of putting log files on a non-system disk. > > -- > James Moe > moe dot james at sohnen-moe dot com > 520.743.3936 > Think.Hi! Dovecot drops all extra group memberships from processes when spawning them unless told otherwise. The `log` service runs by default as root, not as dovecot. If data01 is a NFS mount, then root may become squashed. If you want to run log as `dovecot`, you can do so with service log { user = dovecot } Aki
On 2022-12-28 00:27, Aki Tuomi wrote:> The `log` service runs by default as root, not as dovecot. >Then I do not understand why there is a permissions problem at all. It is root!> If data01 is a NFS mount, then root may become squashed. >Not an NFS mount. It is local.> If you want to run log as `dovecot`, you can do so with > > service log { > user = dovecot > } >Permission is still denied. Where do I find information about "status=80/n/a"? I did not include all two of the syslog entries in the previous message: 2022-12-29T20:17:56-0700 sma-server3 dovecot[12102]: Can't open log file /data01/var/log/dovecot.log: Permission denied 2022-12-29T20:17:56-0700 sma-server3 systemd[1]: dovecot.service: Main process exited, code=exited, status=80/n/a -- James Moe moe dot james at sohnen-moe dot com 520.743.3936 Think.