What are the correct dovecot file permissions for /etc/dovecot on Ubuntu 18.04?

Question

I can't log in to my newly self-hosted webmail and I'm getting the following entries in /var/log/mail.log

Feb 10 02:00:31 ip-172-26-15-53 dovecot: lmtp(myemailuser@example.co.uk): Error: open(
/etc/dovecot/sieve/before.d/no-spam.svbin.ip-172-26-15-53.31363.94959b0f9050164f) failed: R
ead-only file system
Feb 10 02:00:31 ip-172-26-15-53 dovecot: lmtp(myemailuser@example.co.uk): Error: wEGGI
j+5QF6DegAAAPOhIQ: sieve: binary save: failed to create temporary file: open(/etc/dovecot/s
ieve/before.d/no-spam.svbin.) failed: Read-only file system

It looks to be a permissions problem. I've tried the suggestions here

My install is at /etc/dovecot and permissions are

-rwxrwx---   1 vmail dovecot

Dovecot was installed on Ubuntu 18.04 (Amazon lightsail) using the following playbook:

https://github.com/codecowboy/sovereign/blob/master/roles/mailserver/tasks/dovecot.yml

Dovecot version is 2.2.33.2 (d6601f4ec)

Mailbox is stored on an encfs volume

Have you checked if your filesystem is actually mounted read only? — Gerald Schneider, Feb 10 '20 at 12:30
/dev/xvda1 on / type ext4 (rw,relatime,discard,data=ordered) but that box also has encfs on it and I'm out of my depth there. — codecowboy, Feb 10 '20 at 12:46

tilkov · Accepted Answer · 2020-02-11T21:05:51.253

7

The systemd unit, which controls dovecot has ProtectSystem set to full or strict, which prevents the processes from writing to /etc.

Add to the unit file /etc/systemd/system/multi-user.target.wants/dovecot.service an exception for this directory:

ReadWritePaths=/etc/dovecot/sieve/before.d/

Reload the units with:

systemctl daemon-reload

And restart dovecot with:

systemctl restart dovecot

edited Feb 11 '20 at 21:05

answered Feb 10 '20 at 18:41

tilkov

243
2
6

1

Thank you. There's a typo in daemon-reload fyi. Is there anything additional required to make that path an exception or literally add that line? – codecowboy Feb 11 '20 at 15:52
1

Fixed the missing dash, thank you! Please test with just adding this line, that's all the docs mention. – tilkov Feb 11 '20 at 21:06
Hm. Now I get `Failed to set up mount namespacing: /run/systemd/unit-root/etc/dovecot/sieve/before.d:` — that's not exactly what I was expecting when typing `ReadWritePaths=/etc/dovecot/sieve/before.d/`. Also, another error is `Failed at step NAMESPACE spawning /usr/bin/doveadm: No such file or directory` – Gwyneth Llewelyn Oct 27 '21 at 18:47

score 0 · Answer 2 · answered Jan 11 '22 at 12:39

0

In some kernels, instead of ReadWritePaths, use ReadWriteDirectories.

answered Jan 11 '22 at 12:39

Zakaria

1

This does not provide an answer to the question. Once you have sufficient [reputation](https://serverfault.com/help/whats-reputation) you will be able to [comment on any post](https://serverfault.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/508610) – mailq Jan 12 '22 at 22:09

What are the correct dovecot file permissions for /etc/dovecot on Ubuntu 18.04?

2 Answers2