kopano server cannot write attachment folder
-
just to note: i also tried the /usr/share/man/man5/kopano-server.cfg.5.gz file with my parameters without success
same result :/i have no idea why the attachment folder cant be written on /home ; specially when it was no problem with the version before
-
@gmcpaul said in kopano server cannot write attachment folder:
just to note: i also tried the /usr/share/man/man5/kopano-server.cfg.5.gz file with my parameters without success
Yeah, comparing the cfg files was imho a deadend anyways. The only bit of information that could be gained from it is if you had used a completely different
run_as_
.@gmcpaul said in kopano server cannot write attachment folder:
i also wonder why it should have that issue just after upgrading the dep packages…
Kopano is just using the filesystem provided by your os, so whatever now prevents the software from accessing this path must have come from either system updates, a changed system configuration or other external factors.
To verify this you could run
sudo -u kopano touch /home/kopano/attachments/test
. This will switch into the user context of the Kopano user and will want to create a file at the given path. This will already fail for you. -
hi felix,
thanks for your reply.
tried your suggestion … fails not O_o
root@srv01:/# sudo -u kopano touch /home/kopano/attachments/test
root@srv01:/# cd /home/kopano/attachments/
root@srv01:/home/kopano/attachments# ls
0 1 2 3 4 5 6 7 8 9 test -
even updated os to ubuntu 20.04 lts … just for “fun”
then reinstalled the latest nightly build, core-10.0.6.406.7ff4b4b-Ubuntu_20.04-amd64.tar.gz.i checked if kopano-server is started as user kopano via ps and it did.
also tried to start the kopano-server by commenting the run-as parameters out of the server.cnf file.
the sudo -u kopano …touch test proofed that there is no problem with permissions for the homedir
apparmor was disabledfor me it looks like a bug … but are there any other tests i can make to find the problem?
thanks
-
@gmcpaul which version were you using prior to your upgrade?
In case you can write to a path directly, but not when the running through systemd, then https://stash.kopano.io/projects/KC/repos/kopanocore/commits/f957fea2d774581d1150ca32e25e40c023140788#installer/linux/kopano-server.service could be the culprit.
-
Hi @fbartels ,
According to the Logs it should have been 9.0.2.158.3dd898471-0+246.1.my kopano-sever.service part :
[Service]
Type=simple
ExecStart=/usr/sbin/kopano-server
ExecReload=/bin/kill -HUP $MAINPID
TimeoutStopSec=60
ProtectSystem=full
ProtectHome=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
PrivateTmp=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes -
changing
ProtectHome=yes to no
then
systemctl daemon-reload
then
/etc/init.d/kopano-server restartnow seems good according to server.log :D
-
@gmcpaul an update safe way would be to create an override file. First run
sudo systemctl edit kopano-server
and in the resulting editor paste the following:[Service] ProtectHome=no
-
@fbartels said in kopano server cannot write attachment folder:
[Service]
ProtectHome=no@fbartels many thanks!!
have a nice weekendcase can be closed from my side.
-
@gmcpaul said in kopano server cannot write attachment folder:
changing
ProtectHome=yes to noThis is less secure and cannot be recommended. It would be much better if your attachments were stored outside of
/home
and the setting is kept as is. See https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome= for exact details on the protection offfered when ProtectHome is enabled. -
Hi @longsleep
well thank you for the input.
I will keep in mind for future projects.
in my case the machine was historically (beginning from zarafa) set up with the use of /home to let large amounts of data outsourced on an seperate partition for a service to run in a “bubble” and to keep the files out of default system paths.
Since the filese are locked in run_as environments i thougt that wa a good design. Also when space is eaten up and you need to enlarge the hdd in a vm for example… so all was done in good intension so to speak.Well… lessons learned for me :D
Thank you all