[Dovecot] [SOLVED] Installing Dovecot on Gentoo

Branko Majic branko at majic.rs
Sun Jan 13 21:41:41 EET 2013

On Sun, 13 Jan 2013 18:34:27 +0100
Christian Rößner <cr at sys4.de> wrote:

> On 13.01.2013 at 18:13, Christian Rößner <cr at sys4.de> wrote:
> > 6537 1020  open("/etc/ssl/private/mx0.roessner-net.de.key.pem",
> > O_RDONLY) = -1 EACCES (Permission denied)
> I had messed up ACLs for this file. After creating private and key
> again with correct setfacl command, everything works as expected.
> Sorry for the noise, but this was really hard to find out.
> Wrong:
> getfacl private/
> # file: private
> # owner: root
> # group: ssl-cert
> # flags: -s-
> user::rwx
> user:amavis:r-x
> group::---
> mask::r-x
> other::---
> Right:
> getfacl private/
> # file: private/
> # owner: root
> # group: ssl-cert
> user::rwx
> user:amavis:r-x
> group::r-x
> mask::r-x
> other::---
> So as you can see the group settings got lost… 
> Thanks

Slightly off-topic from my side, but wanted to mention it since I've
worked with POSIX ACLs a bit.

Personally, I've had very bad experiences with POSIX ACLs. They can act
in quite an unintuitive way when you start combining them with
different umasks, originating directory/file permissions (in case of
copying), sticky bits, and chmods on files/directories where you've
already set up the permissions (not to mention that some stuff seems to
outright ignore it, like mod_php5/php).

Unfortunately, due to a couple of very bad design decisions, the POSIX
ACL (at least for me) turned out to be quite unusable in most cases
(like sharing files via Samba, even though Samba itself had enough
problems of its own). I've also attempted using it at some point for
some LAMP apps I've deployed, and ended up abandoning them in favour of
group sticky bits on directories (wanted to administer the web app
with a regular account, while still letting Apache access files
using umask 0007).

So, personally, I'd avoid using them.

Best regards

Sorry for off-topic or if you were already aware of this, but wanted
to post it just in case :) 

Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

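The difference between the two getfacl listings quoted in the message above, as an added example that is not part of the original post: a small evaluator for the POSIX ACL access check, run over both listings. The account name mailsvc and its membership in ssl-cert are assumptions made for illustration; the listings themselves are copied from the message.

```python
# Added example, not from the post; account names passed to allowed() are hypothetical.
WRONG = """\
# file: private
# owner: root
# group: ssl-cert
# flags: -s-
user::rwx
user:amavis:r-x
group::---
mask::r-x
other::---
"""
RIGHT = """\
# file: private/
# owner: root
# group: ssl-cert
user::rwx
user:amavis:r-x
group::r-x
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries); entries maps (tag, qualifier) -> perm set."""
    meta, entries = {}, {}
    for line in text.splitlines():
        if line.startswith("#"):                      # header: "# owner: root"
            key, _, value = line[1:].partition(":")
            meta[key.strip()] = value.strip()
        elif line:                                    # entry: "user:amavis:r-x"
            tag, qualifier, perms = line.split(":")[:3]
            entries[(tag, qualifier)] = set(perms[:3]) - {"-"}
    return meta["owner"], meta["group"], entries

def allowed(text, user, groups, want):
    """POSIX ACL check: owner, named user, group class (masked), then other."""
    owner, owning_group, acl = parse_getfacl(text)
    want, mask = set(want), acl.get(("mask", ""), set("rwx"))
    if user == owner:                                 # owner entry is never masked
        return want <= acl[("user", "")]
    if ("user", user) in acl:                         # named user entry, limited by mask
        return want <= acl[("user", user)] & mask
    # Group class: one matching entry must grant everything; no fall-through to other.
    matched = [acl[("group", "")]] if owning_group in groups else []
    matched += [p for (t, q), p in acl.items() if t == "group" and q in groups]
    if matched:
        return any(want <= p & mask for p in matched)
    return want <= acl[("other", "")]
```

With the first listing, allowed(WRONG, "mailsvc", {"ssl-cert"}, "rx") is False because the owning-group entry is empty, while the same call on RIGHT is True; amavis passes in both through its named user entry. The model covers the ACL entries only, not privileges such as root's ability to bypass permission checks.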
