kopano server cannot write attachment folder
-
hello,
today i tried to upgrade to the actual kopano release and noticed that the core server wont start.in the server.log file i found this:
2020-08-12T07:15:44.942582: [=======] Starting kopano-server version 10.0.6 (pid 22287 uid 999)
2020-08-12T07:15:44.942592: [warning] Config warning: Option “server_ssl_protocols” has no effect anymore, and will be removed in a future release.
2020-08-12T07:15:44.942628: [info ] Using epoll events
2020-08-12T07:15:44.942860: [info ] Re-using fd 5 for 0.0.0.0:236
2020-08-12T07:15:44.942899: [info ] Re-using fd 6 for [::]:236
2020-08-12T07:15:44.945218: [info ] Re-using fd 7 for unix:/var/run/kopano/prio.sock
2020-08-12T07:15:44.945333: [info ] Re-using fd 10 for unix:/var/run/kopano/server.sock
2020-08-12T07:15:44.945404: [info ] Coredump status left at system default.
2020-08-12T07:15:44.946703: [error ] Unable to create attachment directory “/home/kopano/attachments”: Keine Berechtigungthe attachments are stored to /home/kopano/attachements by server.cfg
it worked before updating to the release core-10.0.6.376.b4ed83f-Ubuntu_18.04-amd64.tar.gz
System is Ubuntu 18.04; was also tested on 20.04 with the same resultFilepermissions where not changed; i also tried to set the homedir for user Kopano in passwd but did not help :/
Any ideas?thanks
-
update:
when using default dir from the manual attachment_path = /var/lib/kopano/attachments all seems to work… with same file permissions
but thats just an info for you guys -
@gmcpaul said in kopano server cannot write attachment folder:
“/home/kopano/attachments”: Keine Berechtigung
What are the permissions of this directory and the directory leading up to it? Is that a mounted filesystem?
-
hi felix,
user and group are kopano:kopano, permissions is 770 for the /home/kopano dir.
i also tried to reset with chown/chmod (with recursive parm) but did not help; neither 777…/home is a mounted fs, yes
/dev/sda4 on /home type ext4 (rw,relatime,data=ordered)btw: it is an community edt.
br,
paul -
Did you give apparmor the needed rights for this kopano-service and its folder.
Check /etc/apparmor.d and add/update the kopano-service apparmor file and add the needed folder.
-
hi thctlo,
thanks for the input
tried to disable apparmor… did not help…
i also wonder why it should have that issue just after upgrading the dep packages…br,
paul -
@gmcpaul after upgrading packages.
Can you show me the /var/log/dpkg.log of last day or 2?
Of which packages upgraded and got removed?And you “tried” to disable apparmor? so was it disabled of not because if you get an kernel upgrade, apparmor is most probely reinstalled.
Please verify it. i had and issue also and discovered apparmor running again.
for a complete remove, you need to adjust the boot lines for the kernel and remove the app itself. -
yes it forgot that apparmor integrates to the kernel sorry… i was thinking the service just needed to be disabled… sorry about that.
so i did now “systemctl disable apparmor” and rebooted the machine.
also added the apparmor=0 parameter to the grub boot file prior to the boot.
now aa-status:
apparmor filesystem is not mounted.trying to reset the kopanos attachment path and restart the core service resulted in:
2020-08-12T16:35:57.605343: [=======] Starting kopano-server version 10.0.6 (pid 2538 uid 999)
2020-08-12T16:35:57.605351: [warning] Config warning: Option “server_ssl_protocols” has no effect anymore, and will be removed in a future release.
2020-08-12T16:35:57.605384: [info ] Using epoll events
2020-08-12T16:35:57.605571: [info ] Re-using fd 5 for 0.0.0.0:236
2020-08-12T16:35:57.605606: [info ] Re-using fd 6 for [::]:236
2020-08-12T16:35:57.607851: [info ] Re-using fd 7 for unix:/var/run/kopano/prio.sock
2020-08-12T16:35:57.607969: [info ] Re-using fd 10 for unix:/var/run/kopano/server.sock
2020-08-12T16:35:57.608032: [info ] Coredump status left at system default.
2020-08-12T16:35:57.608507: [error ] Unable to create attachment directory “/home/kopano/attachments”: Keine Berechtigungapt Log is a bit long…cant post it here
-
-
for me it looks if it is a bug or so, i cant believe that a simple dpkg upgrade will result in apparmor or file permission block/corruption, does it?
was using a daily build package tho -
hm, that log looks fine.
and we are sure apparmor is disabledah, but this shows : Option “server_ssl_protocols” has no effect anymore,
Your running with an old config.
i cant look in my kopano server atm but run :updatedb
locate server.cfg
diff the version in /usr/share something and /etc/kopanobasily what i say here is, print out the old version of all config.
and use the new one to update the current config.
copy the one’s from //usr/share to /etc/kopano and edit these.in this case.
“/home/kopano/attachments”: Keine Berechtigungmost probely, service starts as “SOME” users and rights are root there.
ls -al /home/kopano/attachments
shows which user? -
yes its strange
als tried the thing with config script before… did not help :/ls -al /home/kopano/attachments
drwxrwx— 12 kopano kopano 4096 Aug 12 00:17 .
drwxrwx— 3 kopano kopano 4096 Dez 30 2016 …
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 0
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 1
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 2
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 3
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 4
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 5
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 6
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 7
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 8
drwxrwx— 22 kopano kopano 4096 Mai 16 2014 9i tried to overwrite the settings with chown and chmod… didnt help either…
confused
-
Verify the config files as i showed.
Thats first todo now. -
could not find anything special…
diff /etc/kopano/server.cfg /etc/kopano/server.cfg.dpkg-dist
22c22
< server_pipe_name = /var/run/kopano/server.sock#server_pipe_name = /var/run/kopano/server.sock
28c28
< server_pipe_priority = /var/run/kopano/prio.sock
#server_pipe_priority = /var/run/kopano/prio.sock
45c45
< local_admin_users = root kopano fetchmail clamav vmail
local_admin_users = root kopano
52c52
< system_email_address = other@dot.com
system_email_address = postmaster@localhost
55c55
< run_as_user = kopano
#run_as_user = kopano
58c58
< run_as_group = kopano
#run_as_group = kopano
61c61
< pid_file = /var/run/kopano/server.pid
#pid_file = /var/run/kopano/server.pid
71c71
< coredump_enabled = systemdefault
#coredump_enabled = systemdefault
93c93
< log_level = 6
#log_level = 3
99c99
< log_buffer_size = 0
#log_buffer_size = 0
129c129
< mysql_user = kopano
mysql_user = root
132c132
< mysql_password = xxx
mysql_password =
159,160c159
< #attachment_path = /home/kopano/attachments
< attachment_path = /var/lib/kopano/attachments
attachment_path = /var/lib/kopano/attachments
201c200
< server_ssl_key_file = /etc/ssl/certs/ssl.pem
server_ssl_key_file = /etc/kopano/ssl/server.pem
204c203
< server_ssl_key_pass =
server_ssl_key_pass = replace-with-server-cert-password
207c206
< server_ssl_ca_file = /etc/ssl/certs/ssl.cer
server_ssl_ca_file = /etc/kopano/ssl/cacert.pem
214c213
< #server_ssl_protocols = !SSLv2
#server_ssl_protocols =
322c321
< quota_warn = 1000
quota_warn = 0
442c441
< disabled_features = pop3
disabled_features = imap pop3
-
just to note: i also tried the /usr/share/man/man5/kopano-server.cfg.5.gz file with my parameters without success
same result :/i have no idea why the attachment folder cant be written on /home ; specially when it was no problem with the version before
-
@gmcpaul said in kopano server cannot write attachment folder:
just to note: i also tried the /usr/share/man/man5/kopano-server.cfg.5.gz file with my parameters without success
Yeah, comparing the cfg files was imho a deadend anyways. The only bit of information that could be gained from it is if you had used a completely different
run_as_.@gmcpaul said in kopano server cannot write attachment folder:
i also wonder why it should have that issue just after upgrading the dep packages…
Kopano is just using the filesystem provided by your os, so whatever now prevents the software from accessing this path must have come from either system updates, a changed system configuration or other external factors.
To verify this you could run
sudo -u kopano touch /home/kopano/attachments/test. This will switch into the user context of the Kopano user and will want to create a file at the given path. This will already fail for you. -
hi felix,
thanks for your reply.
tried your suggestion … fails not O_o
root@srv01:/# sudo -u kopano touch /home/kopano/attachments/test
root@srv01:/# cd /home/kopano/attachments/
root@srv01:/home/kopano/attachments# ls
0 1 2 3 4 5 6 7 8 9 test -
even updated os to ubuntu 20.04 lts … just for “fun”
then reinstalled the latest nightly build, core-10.0.6.406.7ff4b4b-Ubuntu_20.04-amd64.tar.gz.i checked if kopano-server is started as user kopano via ps and it did.
also tried to start the kopano-server by commenting the run-as parameters out of the server.cnf file.
the sudo -u kopano …touch test proofed that there is no problem with permissions for the homedir
apparmor was disabledfor me it looks like a bug … but are there any other tests i can make to find the problem?
thanks
-
@gmcpaul which version were you using prior to your upgrade?
In case you can write to a path directly, but not when the running through systemd, then https://stash.kopano.io/projects/KC/repos/kopanocore/commits/f957fea2d774581d1150ca32e25e40c023140788#installer/linux/kopano-server.service could be the culprit.
-
Hi @fbartels ,
According to the Logs it should have been 9.0.2.158.3dd898471-0+246.1.my kopano-sever.service part :
[Service]
Type=simple
ExecStart=/usr/sbin/kopano-server
ExecReload=/bin/kill -HUP $MAINPID
TimeoutStopSec=60
ProtectSystem=full
ProtectHome=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
PrivateTmp=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
