Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Miggl
Miggl Author
User level: Level 1
89 points

Postfix Permission Problems

Hi all,


After restoring my Service Data from Time Machine after switching hard drives, I now have permission issues pretty much across the board. In particular with mail (which I'd like to solve first, and then move on to the other services). I have my Service Data stored on a secondary hard drive 'Data HD' under /Volumes/Data HD/.


Here is the log file with the errors:


SMTP Log
Dec 17 11:33:28 rocking-mm.com postfix/postfix-script[70011]: fatal: the Postfix mail system is not running
Dec 17 11:33:48 rocking-mm.com postfix/postfix-script[70141]: warning: not owned by _postfix: /Library/Server/Mail/Data/mta/./guid_device_maps.plist
Dec 17 11:33:48 rocking-mm.com postfix/postfix-script[70144]: warning: group or other writable: /Library/Server/Mail/Data/mta
Dec 17 11:33:51 rocking-mm.com mail_groups[70824]: initializing email group services: v2.1
Dec 17 11:33:53 rocking-mm.com postfix/master[70823]: daemon started -- version 2.9.2, configuration /Library/Server/Mail/Config/postfix
Dec 17 11:33:53 rocking-mm.com mail_groups[70824]: updated local mail groups in: /etc/aliases
Dec 17 11:33:53 rocking-mm.com mail_groups[70824]: no enabled mail groups found

Mail Server Log
Dec 17 11:35:24 rocking-mm.com log[70839]: imap(pid 70846 user com.apple.calendarserver): Error: stat(/Volumes/Data HD/Library/Server/Mail/Data/mail/CC9DB76B-F152-48B8-917D-E334547EEC45/tmp) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +x perm: /Volumes/Data HD/Library/Server/Mail/Data/mail/CC9DB76B-F152-48B8-917D-E334547EEC45, dir owned by 501:80 mode=0700)
Dec 17 11:35:35 rocking-mm.com log[70839]: imap-login: Login: user=<helpdesk>, method=PLAIN, rip=192.168.13.10, lip=192.168.13.10, mpid=70846, TLS
Dec 17 11:35:35 rocking-mm.com log[70839]: imap(pid 70846 user helpdesk): Error: stat(/Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906/tmp) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +x perm: /Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906, dir owned by 501:80 mode=0700)
Dec 17 11:35:35 rocking-mm.com log[70839]: imap(pid 70846 user helpdesk): Error: opendir(/Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +r perm: /Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906, UNIX perms appear ok (ACL/MAC wrong?))
Dec 17 11:35:35 rocking-mm.com log[70839]: imap(pid 70846 user helpdesk): Disconnected: Logged out bytes=44/565

IMAP Log
Dec 17 11:35:24 rocking-mm.com log[70839]: imap(pid 70846 user com.apple.calendarserver): Error: stat(/Volumes/Data HD/Library/Server/Mail/Data/mail/CC9DB76B-F152-48B8-917D-E334547EEC45/tmp) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +x perm: /Volumes/Data HD/Library/Server/Mail/Data/mail/CC9DB76B-F152-48B8-917D-E334547EEC45, dir owned by 501:80 mode=0700)
Dec 17 11:35:35 rocking-mm.com log[70839]: imap-login: Login: user=<helpdesk>, method=PLAIN, rip=192.168.13.10, lip=192.168.13.10, mpid=70846, TLS
Dec 17 11:35:35 rocking-mm.com log[70839]: imap(pid 70846 user helpdesk): Error: stat(/Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906/tmp) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +x perm: /Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906, dir owned by 501:80 mode=0700)
Dec 17 11:35:35 rocking-mm.com log[70839]: imap(pid 70846 user helpdesk): Error: opendir(/Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906) failed: Permission denied (euid=214(_dovecot) egid=6(mail) missing +r perm: /Volumes/Data HD/Library/Server/Mail/Data/mail/0E8BDDB9-34F5-4C18-AA40-BDD759130906, UNIX perms appear ok (ACL/MAC wrong?))
Dec 17 11:35:35 rocking-mm.com log[70839]: imap(pid 70846 user helpdesk): Disconnected: Logged out bytes=44/565


These issues go away when I set the "Ignore ownership on this volume" flag in the Get Info window.

Any ideas on how to fix the permissions?


Thanks,

~Mike

OS X Server, 4GB RAM, Mountain Lion

Posted on Dec 17, 2012 10:32 AM

Reply
18 replies
User profile for user: paulbeard
paulbeard
User level: Level 1
5 points

Apr 26, 2013 10:42 AM in response to Linc Davis

Interesting. I never knew about that command (/usr/libexec/postfix/post-install).


It seems to fail on a lack of awareness of where it is. None of these —

MOST_PARAMETERS="command_directory daemon_directory data_directory


html_directory mail_owner mailq_path manpage_directory

newaliases_path queue_directory readme_directory sample_directory

sendmail_path setgid_group"

NON_SHARED="config_directory queue_directory data_directory"


— are set properly.


locate postfix-files

/private/etc/postfix/postfix-files


postconf daemon_directory

daemon_directory = /usr/libexec/postfix <- should be /private/etc/postfix, no?



Reply
User profile for user: paulbeard
paulbeard
User level: Level 1
5 points

Apr 26, 2013 4:48 PM in response to paulbeard

What's most annoying about this is that each time I get this working, it reverts when I reboot. So there is some initialization process that alters file permissions to the wrong settings which block postfix from running.


No way to edit my earlier comment, but it looks like postfix is installed in a, um, non-standard way. The various directories have all this MiXedCase directory stuff that makes comparisons to other system irritating.

config_directory = /etc/postfix daemon_directory = /usr/libexec/postfix data_directory = /Library/Server/Mail/Data/mta debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5 html_directory = /usr/share/doc/postfix/html manpage_directory = /usr/share/man queue_directory = /Library/Server/Mail/Data/spool readme_directory = /usr/share/doc/postfix sample_directory = /usr/share/doc/postfix/examples


vs

command_directory = /usr/local/sbin config_directory = /usr/local/etc/postfix daemon_directory = /usr/local/libexec/postfix data_directory = /var/db/postfix html_directory = /usr/local/share/doc/postfix manpage_directory = /usr/local/man queue_directory = /var/spool/postfix readme_directory = /usr/local/share/doc/postfix sample_directory = /usr/local/etc/postfix

Not that /usr/libexec/postfix/post-install cares.


<pre>

/usr/libexec/postfix/post-install create-missing

/usr/libexec/postfix/post-install: Error: /postfix-files is not a file.

</pre>


postfix set-permissions seems to be confused as well.

postfix set-permissions postfix start postfix/postfix-script: warning: group or other writable: /Library/Server/Mail/Data/mta postfix/postfix-script: starting the Postfix mail system postfix/master[55937]: fatal: open lock file /Library/Server/Mail/Data/mta/master.lock: cannot open file: Permission denied

This seems to be the right setting:

ls -l /Library/Server/Mail/Data total 0 drwx------ 3 _postfix wheel 102 Apr 26 16:32 mta drwxr-xr-x 16 root wheel 544 Nov 9 10:32 spool


chmod g-rwx /Library/Server/Mail/Data/mta/


This is the difference:

46c46 < $data_directory:d:$mail_owner:-:700:uc --- > $data_directory:d:$mail_owner:-:770:uc

What this means, for anyone who isn't familiar with diff and patch, is that on line 46 of postfix-files, the permissions are set to 770 when they should be 700. If you have postfix-files and postfix-files\ \(original\) as I do, thanks to Time Machine, you can use this:

--- postfix-files 2013-04-26 16:42:29.000000000 -0700 +++ postfix-files (original) 2012-06-29 22:39:40.000000000 -0700 @@ -43,7 +43,7 @@ # permissions, so that running "make install" fixes any glitches. # $config_directory:d:root:-:755:u -$data_directory:d:$mail_owner:-:700:uc +$data_directory:d:$mail_owner:-:770:uc $daemon_directory:d:root:-:755:u $queue_directory:d:root:-:755:uc $sample_directory:d:root:-:755:o

Reply
User profile for user: UptimeJeff
UptimeJeff
User level: Level 4
3,479 points

Apr 26, 2013 5:16 PM in response to Miggl

Looks like you are using the wrong config directory and possibly running another instance of postfix.


Didn't have time to go back and read everything here, are you running a clean install of 10.8 or an upgrade?


It shoudl make more sense if you run postconf and specify the config directory.



sudo postconf -n -c /Library/Server/Mail/Config/postfix/



And you thought your earlier results were 'not so standard' 🙂

Basically, Apple puts all the binaties into the Server.app directory.

The config for most services are in /Library, postfix is at:

/Library/Server/Mail/Config/postfix


And data can be anywhere, but by default is also in /Library

for mail

/Library/Server/Mail/Data



If you haven't already, get familiar with the serveradmin command

sudo serveradmin settings mail

but you can edit files directly if you do it in the right place.


Jeff

Reply

Postfix Permission Problems

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up