maddy
Correct setup doc
Add two lines of commands to the Installation guide.
As for my test, it won't work without either of these lines.
Wondering why systemd doesn't do it already since we set StateDirectory and RuntimeDirectory.
Except in case of ConfigurationDirectory=, the innermost specified directories will be owned by the user and group specified in User= and Group=. If the specified directories already exist and their owning user or group do not match the configured ones, all files and directories below the specified directories as well as the directories themselves will have their file ownership recursively changed to match what is configured.
Same goes for capabilities:
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities was added in systemd v229. StateDirectory was added in systemd v211.
What is your distribution/systemd version?
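The ownership rule quoted above from the systemd documentation can be checked against a unit file before reaching for a manual chown. This is an added example, not part of the thread or the maddy project; the function names and the sample unit are hypothetical, and it assumes each directive is assigned once and that User= and Group= are both set.

```shell
#!/bin/sh
# Added example (not from the maddy repository). Assumes each key is assigned
# once in the unit file and the default /var/lib and /run base directories.

# unit_value UNIT KEY -> value of KEY= in the unit file
unit_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*//p" "$1" | tail -n 1
}

# managed_dirs UNIT [ROOT] -> directories systemd creates for the unit, one per line
managed_dirs() {
    for pair in StateDirectory:/var/lib RuntimeDirectory:/run; do
        for name in $(unit_value "$1" "${pair%%:*}"); do
            printf '%s%s/%s\n' "${2:-}" "${pair#*:}" "$name"
        done
    done
}

# check_unit_dirs UNIT [ROOT] -> prints one status line per directory,
# returns 1 if an existing directory is not owned by User=:Group=
check_unit_dirs() {
    want="$(unit_value "$1" User):$(unit_value "$1" Group)"
    rc=0
    for d in $(managed_dirs "$1" "${2:-}"); do
        if [ ! -d "$d" ]; then
            echo "absent   $d"
            continue
        fi
        have=$(ls -ld "$d" | awk '{print $3 ":" $4}')
        if [ "$have" = "$want" ]; then
            echo "ok       $d $have"
        else
            echo "MISMATCH $d is $have, unit wants $want"
            rc=1
        fi
    done
    return $rc
}

# write_sample_unit PATH USER GROUP -> constructed sample unit for a dry run
write_sample_unit() {
    cat > "$1" <<EOF
[Service]
User=$2
Group=$3
StateDirectory=maddy
RuntimeDirectory=maddy
EOF
}
```

On a real host, call `check_unit_dirs /etc/systemd/system/maddy.service` with no ROOT argument; a directory reported as absent is one systemd has not created yet because the service has not been started by systemd.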
- Rocky Linux 9.0 (Blue Onyx)
systemd 250 (250-6.e19_0)
Is there anything in the system journal regarding maddy.service when you run systemctl daemon-reload or on service start?
I wonder why directives in maddy.service are not applied.
I tried disabling maddy.service, removing those permissions, and enabling it again; this time the permissions were applied automatically, just as you described.
However, this is not a fresh installation anymore. I can't tell why it didn't work the first time. My journalctl does not keep logs persistently.
Let me paste the log of the fresh installation (months ago) from .zsh_history, though.
wget https://github.com/foxcpp/maddy/releases/download/v0.7.0/maddy-0.7.0-x86_64-linux-musl.tar.zst
unzstd maddy-0.7.0-x86_64-linux-musl.tar.zst
tar -xvf maddy-
tar -xvf maddy-0.7.0-x86_64-linux-musl.tar
cd maddy-0.7.0-x86_64-linux-musl
mkdir /etc/maddy
cp maddy.conf /etc/maddy
cp maddy maddyctl /usr/bin
cp systemd/*.service /etc/systemd/system
mkdir /etc/maddy
cp maddy.conf /etc/maddy
cp maddy /usr/bin
cp systemd/*.service /etc/systemd/system
ls /sbin
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
dnf install certbot
dnf install python-certbot-nginx
vim /etc/nginx/conf.d/maddy.conf
vim /etc/maddy/maddy.conf
ip a
lsblk -f
for i in 25 465 587 993 143;do lsof -i $i;done
for i in 25 465 587 993 143;do lsof -i:$i;done
for i in 25 465 587 993 143 443;do lsof -i:$i;done
ls -l /
ls -l /etc/certkey
ls -l /etc/
setfacl
setfacl -R -m u:maddy:rx /etc/certkey/cert.{key,pem}
setfacl -R -m u:maddy:rx /etc/certkey/cert.{key,pemm}
systemctl enable --now maddy.service
systemctl status maddy.service
vim /etc/maddy/maddy.conf
systemctl start maddy
journalctl -xeu maddy.service
systemctl status maddy.service
systemctl daemon-reload
clear
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
userdel maddy
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
userdel maddy
rm -rf /var/lib/maddy
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
systemctl start maddy
maddy
su maddy
maddy run
systemctl status maddy
systemctl start maddy
vifm /etc/systemd/system maddy-0.7.0-x86_64-linux-musl/systemd
mv /usr/bin/maddy /usr/local/bin/maddy
systemctl start maddy
maddy
which maddy
/usr/local/bin/maddy run
su - maddy -c /usr/local/bin/maddy run
runuser -l maddy -c '/usr/local/bin/maddy run'
chsh -s /bin/bash maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
ls /run/maddy
vifm /run/maddy
chown maddy:maddy /run/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
chown -R maddy:maddy /var/lib/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
chown -R maddy:maddy /run/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
lsof -i:25
netstat -tulpn | grep :25
setcap 'cap_net_bind_service=+ep' /usr/local/bin/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
systemctl start maddy
systemctl enable maddy
chown -R maddy:maddy /var/lib/maddy /run/maddy
setcap 'cap_net_bind_service=+ep' /usr/local/bin/maddy
NOTE: I sometimes use vifm (a TUI file manager), so not all paths of edited files, nor all of the cp and mv operations, were logged.
Maybe it's because of SELinux? I'm not familiar with this thing, but could it be possible that once I gave the permission manually, the restriction disappeared so that systemd could add it for me after that?