Kopano and systemd (feedback ) security limits not applied.

thctlo

Hai,

I noticed the following in kopano-dagent.

WARNING: setrlimit(RLIMIT_NOFILE, 8192) failed, you will only be able to connect up to 4096 sockets. Either start the process as root, or increase user limits for open file descriptors (Operation not permitted)

Fix is, for every systemd OS, Is increase limits is in the systemd unit file.
Its something for the kopano documentation.

Example of my running config:

systemctl edit kopano-dagent

/etc/systemd/system/kopano-dagent.service.d/override.conf
[Unit]
After=kopano-server.service
Wants=kopano-server.service

[Service]
LimitNOFILE=8192:16384

Note, ive change the “After and Wants” because if have everything running on one server.
Thats optional, if you want to streamline the service startup.

add also this one for the kopano-server
/etc/systemd/system/kopano-server.service.d/override.conf
[Unit]
After=network-online.target mysql.service mariadb.service
Wants=network-online.target

Greetz,

Louis

jengelh

I cannot reproduce this on D9. dagent normally runs as root (8.5.x/8.6.x) and can raise the limit on its own. If you still get EPERM on setrlimit even when root, there is some other mechanism in your system that prevents that.

thctlo

Do you use the kopano with the run_as? like
run_as_user = kopano
run_as_group = kopano
and since only root can change the limits…

Or have you changed one of these?
/etc/systemd/system.conf and /etc/systemd/user.conf

jengelh

Naturally with run_as (that is the default).

thctlo

small update here.
the debian bug report, it should be fixed, but i still noticed the messages.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865449

The workaround is :
editor /etc/systemd/system.conf and/or editor /etc/systemd/system.conf
and change the Default.