Hi,

> Davmail seems to run with systemd's DynamicUser configuration. That means
> that the user the daemon runs with is not known before runtime. Therefore
> I cannot give specific permissions to the private keys for SSL. See the
> excerpt from the configuration file /etc/davmail.properties below. I
> use davmail.ssl.keystoreFile to set the file with the certificate and
> the private key. I have to give o+r permissions to make this work,
> because I cannot change the ownership to the user davmail uses.

I can see multiple solutions to this:

1) if you adduser --system _davmail, systemd should use that user and
you can set permissions on your keystoreFile

2) adding to the service the following and the associated script that
copies the keystoreFile in /var/lib/davmail

    StateDirectory=davmail
    PermissionsStartOnly=true
    ExecStartPre=/usr/share/davmail/service-prepare

The second solution would also copy the conf file so that it can be
writable by davmail in order to save OAuth session tokens, which does
not work at the moment using DynamicUser. I'll try this solution and
get back to you.

> Aug 11 14:21:52 delta davmail[167802]: 2020-08-11 14:21:52,294 ERROR [main] 
> davmail  - Unable to set log file path
>
> The log file directive in /etc/davmail.properties is also printed below.
> I use davmail.logFilePath to set the log path. But I cannot give the
> daemon the right permissions to the /var/log path, because the user is
> not known before runtime due to the DynamicUser configuration.

The service file reads:

    LogsDirectory=davmail

which means that the service is given access to /var/log/davmail/ and
that configuring the following should work:

    davmail.logFilePath=/var/log/davmail/davmail.log

(as it is in the default conf)

Thanks a lot for your feedback, and please get back to me on what
works for you so I can document and improve the package on what works
and what does not.

Alex
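
The second option in the message above (an ExecStartPre helper that copies the keystore into the state directory) could look like the following. This is an added example, not the package's actual service-prepare script. The function names, the two arguments, and taking the target owner from the already-created state directory are assumptions.

```shell
#!/bin/sh
# Hypothetical stand-in for a service-prepare helper (not DavMail's own script).
# Assumed usage, run as root from ExecStartPre:
#   service-prepare <keystore-path> <state-directory>

# Succeeds (0) when FILE grants any permission to "other", e.g. after chmod o+r.
is_other_accessible() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        *0) return 1 ;;   # last octal digit 0: nothing for "other"
        *)  return 0 ;;
    esac
}

# Copy SRC into DEST_DIR as an owner-only file that belongs to whoever owns
# DEST_DIR (assumption: systemd created the directory for the service user).
prepare_keystore() {
    src=$1
    dest_dir=$2
    [ -f "$src" ] || { echo "keystore not found: $src" >&2; return 1; }
    [ -d "$dest_dir" ] || { echo "state dir missing: $dest_dir" >&2; return 1; }

    if is_other_accessible "$src"; then
        echo "warning: $src is accessible to all users; tighten it" >&2
    fi

    owner=$(stat -c '%u:%g' "$dest_dir") || return 1
    dest=$dest_dir/$(basename "$src")

    # mktemp creates the file with mode 0600, so the key material is never
    # exposed with wider permissions, not even briefly during the copy.
    tmp=$(mktemp "$dest_dir/.keystore.XXXXXX") || return 1
    if cat "$src" > "$tmp" &&
       chown "$owner" "$tmp" &&
       chmod 0600 "$tmp" &&
       mv -f "$tmp" "$dest"; then   # rename within one directory is atomic
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Run only when called with arguments, so the file can also be sourced.
[ "$#" -eq 0 ] || prepare_keystore "$@"
```

With a copy like this in place, davmail.ssl.keystoreFile would point at the file under /var/lib/davmail, and the original keystore can stay readable by root only.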
