search for: protectsystem

...7 09:24 Dag Nygren kirjutas: > > PS! I really hate systemd - Destroys the UNIX way of > > doing things with a heavy axe.... > > Don't hate it, better learn to use it: > https://wiki.archlinux.org/index.php/systemd#Drop-in_files Cannot find a way to "remove" the ProtectSystem setting as there is no option to set ProtectSystem=none . At least not according to the systemd manual... Dag

Hi! Have been using Fedora as my dovecot server for some time and am struggling with systemd at every update. Fedora insists on setting ProtectSystem=full in both dovecot.service and postfix.service at every update of the packages. This makes my mailstore which is in /usr/local/var/mail Read-only. And this makes the incoming emails delivered through dovecot-lda disappear into /dev/null until I notice the problem and we lose incoming emails. M...

...r fix and queue flush Vlads > message does not show up in my mailbox. > > > Check the systemd unit for ProtectHome, and make sure that is turned > > off. > > Found these lines in unit file > > > # Enable this if your systemd is new enough to support it: > > ProtectSystem=full I recommend you leave this ON and instead set ProtectHome=false To enable writable /home Aki

...ia custom initscrit: > [ -f /var/lib/samba/krb5.keytab ] || touch /var/lib/samba/krb5.keytab > > The empty file must be created before samba and sssd services > launched. Hmm, i think its good that you read: https://www.freedesktop.org/software/systemd/man/systemd.exec.html Check ProtectSystem= PrivateTmp= ReadWritePaths= And basicly the sandboxing part. > > Btw, I have to mention that the samba packages in your repo doesn't > work with sssd packages on Stretch. Sssd quits with segfault. Due to > this, I switched back to the official Debian builds (4.5.12) in order...

>> Hi! >> Now I have to check, if this a Thunderbird-Issue or is this a >> dovecot-issue. For that reason, I will activate the extended logging >> of dovecot. > <snip/> >> I cant see such events in the logfiles. Which switch is to turn on to >> log all events? >> Or do anyone know the reason for the annoying >>

...d? One file for example? > > Best > Dag > Dag Nygren <mailto:dag at newtech.fi> > 14 August 2017 at 4:24 pm > Hi! > > Have been using Fedora as my dovecot server for > some time and am struggling with systemd > at every update. > Fedora insists on setting > ProtectSystem=full in both dovecot.service and postfix.service > at every update of the packages. > > This makes my mailstore which is in /usr/local/var/mail > Read-only. > > And this makes the incoming emails delivered through > dovecot-lda disappear into /dev/null until I notice > the p...

On Fri, Dec 16, 2016 at 10:17:21AM -0800, Glenn E. Bailey III wrote: > This is a base install. If you deploy an instance in ec2 or GCE (ec2 > you can do the free tier) it's easily repeatable. Even on a RHEL 7.3 > instance. Note you'll need to allow root and password logins via SSH > before attempting. I can confirm this. The culprit? NetworkManager has /home open. I

Hi list I have to dovecot instances running which host my mailboxes on Centos7 dovecot.x86_64 1:2.2.26.0-2.el7.centos installed dovecot-debuginfo.x86_64 1:2.2.26.0-2.el7.centos installed dovecot-mysql.x86_64 1:2.2.26.0-2.el7.centos installed dovecot-pigeonhole.x86_64 1:2.2.26.0-2.el7.centos installed all over sudden both dovecot

...aspberri pi with Raspbian 8 (all up to date). [Service] Type=forking ExecStart=/usr/sbin/dovecot PIDFile=/var/run/dovecot/dovecot/master.pid ExecReload=/usr/bin/doveadm reload ExecStop=/usr/bin/doveadm stop PrivateTmp=true NonBlocking=yes # Enable this if your systemd is new enough to support it: #ProtectSystem=full I'm running ./configure with: ./configure --prefix=/usr --sysconfdir=/etc --libexecdir=/usr/lib --localstatedir=/var --mandir=/usr/share/man --infodir=/usr/share/info --with-moduledir=/usr/lib/dovecot/modules --disable-rpath --with-systemdsystemunitdir=auto --with-storages=maildir --...

...ctHome=read-only', which keeps NM from writing there. I presume namespacing /home in this way counts against unmounting it. This is a good security protection for everyone running NM, so I can see it being worth the tradeoff vs. being able to move or remove /home on a live system. (It also has ProtectSystem=true, which mounts /usr and /boot read-only as well.) If you wanted to change this, drop ProtectHome=false into /etc/systemd/system/NetworkMananger.service.d/override.conf (possibly by using sudo systemctl edit foo NetworkMananger). -- Matthew Miller <mattdm at fedoraproject.org> Fedora Pr...

...keeps NM from > writing there. I presume namespacing /home in this way counts against > unmounting it. This is a good security protection for everyone running > NM, so I can see it being worth the tradeoff vs. being able to move or > remove /home on a live system. > > (It also has ProtectSystem=true, which mounts /usr and /boot read-only > as well.) > > If you wanted to change this, drop ProtectHome=false into > /etc/systemd/system/NetworkMananger.service.d/override.conf (possibly > by using sudo systemctl edit foo NetworkMananger). > > -- > Matthew Miller > &lt...

14.08.2017 09:24 Dag Nygren kirjutas: > > Hi! > > Have been using Fedora as my dovecot server for > some time and am struggling with systemd > at every update. > Fedora insists on setting > ProtectSystem=full in both dovecot.service and postfix.service > at every update of the packages. > > This makes my mailstore which is in /usr/local/var/mail > Read-only. > > And this makes the incoming emails delivered through > dovecot-lda disappear into /dev/null until I notice > the...

...>> Dag >> Dag Nygren <mailto:dag at newtech.fi> >> 14 August 2017 at 4:24 pm >> Hi! >> >> Have been using Fedora as my dovecot server for >> some time and am struggling with systemd >> at every update. >> Fedora insists on setting >> ProtectSystem=full in both dovecot.service and postfix.service >> at every update of the packages. >> >> This makes my mailstore which is in /usr/local/var/mail >> Read-only. >> >> And this makes the incoming emails delivered through >> dovecot-lda disappear into /dev/nu...

...ere has been no delivery to mailbox) but after fix and queue flush Vlads message does not show up in my mailbox. > Check the systemd unit for ProtectHome, and make sure that is turned > off. Found these lines in unit file > # Enable this if your systemd is new enough to support it: > ProtectSystem=full and after commenting the 2nd one, dovceot could write again to the FS :-) Have no idea why this setting started to make problems just today :-) Thanks so much for the fast help here tobi Am 28.10.2017 um 11:51 schrieb Tobi: > Hi list > > I have to dovecot instances running which...

...service [Service] Type=simple ExecStartPre=/usr/libexec/dovecot/prestartscript ExecStart=/usr/sbin/dovecot -F PIDFile=/var/run/dovecot/master.pid ExecReload=/usr/bin/doveadm reload ExecStop=/usr/bin/doveadm stop PrivateTmp=true NonBlocking=yes # this will make /usr /boot /etc read only for dovecot ProtectSystem=full PrivateDevices=true # disable this if you want to use apparmor plugin #NoNewPrivileges=true CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_AUDIT_WRITE # You can add environment variables wit...

...r-- 1 root root 21259 Apr 14 11:24 /var/log/mail.dovecot-error >[...] > Any hints for me? Well, fix the permission errors? Give write access to the docecot user (or whatever you use) for the log file. Also take care if you use the systemd service, there may be other restrictions in place (ProtectSystem etc)

> > Hmm, i think its good that you read: > https://www.freedesktop.org/software/systemd/man/systemd.exec.html > > Check ProtectSystem= PrivateTmp= ReadWritePaths= > And basicly the sandboxing part. I had an opinion about that a systemd based distro won't suit for my customization needs then I choose Devuan. I'm actually using Devuan Ascii as nfs root and I already managed sort of things with help of custom scripts....

...og/mail.dovecot-error > >[...] > > Any hints for me? > > Well, fix the permission errors? > Give write access to the docecot user (or whatever you use) for the log > file. > > Also take care if you use the systemd service, there may be other > restrictions in place (ProtectSystem etc) > -- Martin -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190419/64efd892/attachment.html>

Am 19.03.2020 um 16:28 schrieb Adam Raszkiewicz: > I was able to solve errors below but now it complains about the startup how is handled on Centos7: > > ? dovecot.service - LSB: Dovecot init script > Loaded: loaded (/etc/rc.d/init.d/dovecot; bad; vendor preset: disabled) > Active: failed (Result: exit-code) since Thu 2020-03-19 15:15:37 UTC; 54s ago > Docs: