我在用本教程用于Postfix设置WebDovecot服务器CentOS 7。但是,当我尝试使用 发送测试电子邮件时sudo echo "TEST" | mail -s "testmail" newuser@localhost && sudo tail -f /var/log/maillog,收到一条错误消息,指示 Dovecot 无权创建用于存储电子邮件的目录。我该如何设置权限Dovecot并Postfix能够在其中正常工作CentOS 7?
我是新来的linux。我知道adduser、chmod、chown、octal permissions和其他命令,但我不知道它们如何应用于这个特定的要求,并且我不想通过在不理解的情况下进行实验来创建无效的东西。
这是错误消息中最相关的部分:
Error: user import: Initialization failed: Namespace '':
mkdir(/home/import/Maildir) failed:
Permission denied (euid=1001(import) egid=1001(import)
missing +w perm: /home/import, UNIX perms appear ok (ACL/MAC wrong?))
这是完整的错误消息:
Dec 30 19:03:42 mydomain postfix/pickup[8093]: A22E78221C13: uid=1000 from=<anotherusername>
Dec 30 19:03:42 mydomain postfix/cleanup[8121]: A22E78221C13: message-id=<[email protected]>
Dec 30 19:03:42 mydomain postfix/qmgr[8094]: A22E78221C13: from=<[email protected]>, size=463, nrcpt=1 (queue active)
Dec 30 19:03:42 mydomain dovecot: lda(newusername): Error: user newusername: Initialization failed: Namespace '': mkdir(/home/newusername/Maildir) failed: Permission denied (euid=1001(newusername) egid=1001(newusername) missing +w perm: /home/newusername, dir owned by 0:0 mode=0755)
Dec 30 19:03:42 mydomain dovecot: lda(newusername): Fatal: Invalid user settings. Refer to server log for more information.
Dec 30 19:03:42 mydomain postfix/local[8123]: A22E78221C13: to=<[email protected]>, orig_to=<newusername@localhost>, relay=local, delay=0.15, delays=0.06/0.02/0/0.07, dsn=4.3.0, status=deferred (temporary failure)
编辑:
然后我运行然后sudo chown -R newusername:newusername /home/newusername再次重复sudo echo "TEST" | sudo mail -s "testmail" newuser@localhost && sudo tail -f /var/log/maillog但仍然出现以下错误:
Dec 30 20:42:29 mydomain postfix/qmgr[8094]: E0DF28221C14: from=<[email protected]>, size=463, nrcpt=1 (queue active)
Dec 30 20:42:29 mydomain dovecot: lda(newusername): Error: user newusername: Initialization failed: Namespace '': mkdir(/home/newusername/Maildir) failed: Permission denied (euid=1001(newusername) egid=1001(newusername) missing +w perm: /home/newusername, UNIX perms appear ok (ACL/MAC wrong?))
Dec 30 20:42:29 mydomain dovecot: lda(newusername): Fatal: Invalid user settings. Refer to server log for more information.
Dec 30 20:42:29 mydomain postfix/local[8531]: E0DF28221C14: to=<[email protected]>, orig_to=<newusername@localhost>, relay=local, delay=1101, delays=1101/0.02/0/0.06, dsn=4.3.0, status=deferred (temporary failure)
Dec 30 20:45:40 mydomain postfix/pickup[8529]: CF3CB80B33C4: uid=0 from=<root>
Dec 30 20:45:40 mydomain postfix/cleanup[8551]: CF3CB80B33C4: message-id=<[email protected]>
Dec 30 20:45:40 mydomain postfix/qmgr[8094]: CF3CB80B33C4: from=<[email protected]>, size=455, nrcpt=1 (queue active)
Dec 30 20:45:40 mydomain dovecot: lda(newusername): Error: user newusername: Initialization failed: Namespace '': mkdir(/home/newusername/Maildir) failed: Permission denied (euid=1001(newusername) egid=1001(newusername) missing +w perm: /home/newusername, UNIX perms appear ok (ACL/MAC wrong?))
Dec 30 20:45:40 mydomain dovecot: lda(newusername): Fatal: Invalid user settings. Refer to server log for more information.
Dec 30 20:45:40 mydomain postfix/local[8553]: CF3CB80B33C4: to=<[email protected]>, orig_to=<newusername@localhost>, relay=local, delay=0.15, delays=0.08/0.02/0/0.05, dsn=4.3.0, status=deferred (temporary failure)
回答:
这个问题是由于 SELinux 造成的。我通过sudo nano /etc/sysconfig/selinux然后设置解决了这个问题SELINUX=disabled。这在开发过程中是可以接受的。更完整的解决方案是设置 SELinux 规则,允许 postfix 和 dovecot 在投入生产之前运行。
注意:七百四十二条建议我检查 SELinux 状态,因此我将其标记为正确答案。
答案1
关键在这里:failed: Permission denied (euid=1001(newusername) egid=1001(newusername) missing +w perm: /home/newusername, dir owned by 0:0 mode=0755
Dovecot 尝试写入/home/newusername/{whatever your maildir is}newusername:newusername,但是该目录由用户 0:0(root)拥有。因为权限模式是755,所以只有所有者才有+w权限
另外,如果您使用 SELinux,请确保您的 ACL 允许 dovecot 写入您的 maildir
答案2
我遇到了同样的问题。家长还提到,它是通过禁用 selinux 来实现的。谢谢你的提示。禁用 SEL 对我来说不是一个选择。
因此,如果您不想禁用 selinux,请尝试:
- 检查“问题”目录的 SELinux 上下文:
ls -Z /home/newusername
drwx------. centos centos unconfined_u:object_r:user_home_dir_t:s0 centos
drwx------. newusername newusername unconfined_u:object_r:home_root_t:s0 newusername
- 它应该显示
user_home_dir_tas 上下文 - 它不应该是
home_root_tselinux 上下文。
观察:如果您以 root 身份创建 homedir,它将获取根上下文,然后用户创建的每个对象都将具有根上下文。
- 修复此运行:
restorecon -vR /home/newuserhome
- 再次检查 SELinux 上下文,您现在应该有:
ls -Z /home/newusername
drwx------. centos centos unconfined_u:object_r:user_home_dir_t:s0 centos
drwx------. newusername newusername unconfined_u:object_r:user_home_dir_t:s0 newusername
- 测试:尝试在内部创建文件或目录
newuserhome并检查 SEL 上下文 - 如果新文件仍然没有显示正确的上下文,请运行:
semanage fcontext -a -e /home /home/newusername
restorecon -vR /home/newuserhome
希望它现在应该具有“正常”主目录的正确上下文并允许访问。