Re: Dovecot correct ownership for logs



On Sun, May 19, 2024 at 05:15:40PM +0200, Richard wrote:
> Then where does the combination rwx come in here? With read the app knows
> the file is there, with write it writes to the file. Question is, where the
> necessity would be to know the owner of the file or even the kind. The
> logger is supposed to just append text to a file.

Stop trying to reason out WHY things are the way they are.  Just accept it.

You need execute permission on a directory in order to access anything
within that directory.  That's how it is.  That's the decision the
creators of Unix came up with.

In order for a program to write (append) to a file that already exists,
it needs:

 * execute permission on every directory leading up to that file
 * write permission on the file

If the file does NOT already exist, then the program needs to be able to
create it, and in that case, it will need:

 * execute permission on every directory leading up to where the file goes
 * write permission on the final (leaf) directory

File creation, file removal, and file renaming are directory operations,
and they need write (plus execute, of course) permission on the directory.

Modifying an existing file is a file operation, so that needs write
permission on the file (plus execute permission on the directory).

In EVERY case, you always need execute permission on all the parent
directories as well.  This is well-understood, so we usually don't bother
saying it explicitly.

Kudos to whoever you spoke with on the Dovecot list who thought to go
all the way back to first principles on this one.  We got distracted
with all of the other complex ways that this setup could have been
incorrect, and forgot to check one of the most basic ones.
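
As an added illustration (not part of the original thread), the following POSIX shell script exercises the three rules above on a throwaway directory tree built under mktemp; the path var/log/app/app.log is constructed for the demo, and it must be run as an unprivileged user because root bypasses these mode-bit checks.

```shell
#!/bin/sh
# Added example, not part of the original thread: shows the three
# permission rules on a throwaway directory tree built with mktemp.
# The tree path (var/log/app/app.log) is constructed for the demo.
# Run as an unprivileged user; root bypasses these mode-bit checks.

# try_append DIR FILE: attempt what a logger does, an append-open of
# DIR/FILE, and report "ok" or "denied".
try_append() {
    if printf 'log line\n' >> "$1/$2" 2>/dev/null; then
        echo ok
    else
        echo denied
    fi
}

# Build top/var/log/app/app.log with dirs 0755 and the file 0644.
setup_tree() {
    top=$(mktemp -d)
    mkdir -p "$top/var/log/app"
    : > "$top/var/log/app/app.log"
    chmod 0755 "$top/var" "$top/var/log" "$top/var/log/app"
    chmod 0644 "$top/var/log/app/app.log"
    echo "$top"
}

# Prints four results, one per case:
#  1. normal tree: append ok
#  2. leaf dir r-x, file rw-: append to existing file ok (file operation)
#  3. leaf dir r-x: creating new.log denied (a directory operation)
#  4. parent dir rw- (no execute): append denied even though the file
#     itself is still writable, because var/log cannot be traversed
demo() {
    top=$(setup_tree)
    logdir="$top/var/log/app"
    r1=$(try_append "$logdir" app.log)
    chmod 0555 "$logdir"
    r2=$(try_append "$logdir" app.log)
    r3=$(try_append "$logdir" new.log)
    chmod 0755 "$logdir"
    chmod 0655 "$top/var/log"
    r4=$(try_append "$logdir" app.log)
    chmod 0755 "$top/var/log"
    rm -rf "$top"
    echo "$r1 $r2 $r3 $r4"
}

demo   # as an unprivileged user prints: ok ok denied denied
```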
