MAIB folder permission

Help with Unusual Circumstances
#1

I have made a mistake while trying to fix a permission issue and now I cannot get mail from any email because of the permission and I have no clue which permission I should be setting.

This is the error I’m getting:

May 11 11:36:29 imap(jenny@xxx.com): Error: file_dotlock_create(/mnt/data/miab/mail/mailboxes/xxx.com/jenny/.INBOX.Completed/dovecot-uidlist) failed: Permission denied (euid=8(mail) egid=8(mail) missing +w perm: /mnt/data/miab/mail/mailboxes/xxx.com/jenny/.INBOX.Completed, we’re not in group 33(www-data), dir owned by 1001:33 mode=0775)

This is what I ran on the entire folder and it doesn’t work:
sudo chmod 775 -R . && sudo chown www-data:www-data -R .

I’m not sure what permission I should be setting to make this work properly.

From what I see here: 'we’re not in group 33(www-data)"
Which group should I be using instead of www-data?

Thanks

#2

chown -R mail:mail …/mail/mailboxes/xxx.com/jenny/
I think…

#3

Have you tried running sudo mailinabox?

For future reference, 775 is for directories and is a serious security risk to place on just regular files. Files are generally 664 or 644, or possibly 640, 600, or 400, depending on the requirements.

#4

I didn’t try running the “sudo mailinabox”.

Should I run this on the miab folder?

sudo chmod 664 -R miab && sudo chown mail:mail -R miab

#5

No, because that permission will break the directories.

It might be better if you shared what your goal is, because it appears you are not familiar with Unix command line, file structures, permissions, and ownership, so it’s harder for us to help you achieve your goal.

#6

No I’m not familiar with setting the right permission.
It is usually a guess.
All I’m trying to accomplish is to setup the right permission on the miab folder so the mail server can work normally.

Now the permission seems to be fine after executing this:
sudo chown mail:mail -R miab

I also did that: sudo chmod 777 -R .
To make sure that it runs correctly for now.

But it’s not a good practice to have 777 on everything for the miab folder. It seems that it will be a lot of work if I have to navigate between each folder under the “miab” folder to set different permission for folder and files.

Should I set all the folder to “sudo chmod 775 -R miab” and then go in each folder and set the file to sudo chmod 644?

#7

I’m honestly not sure how you got here…

I don’t know if running the setup script will fix the permissions it I think I would try it.

#8

It is more helpful when you can provide more information. For example, when you run sudo chmod 777 -R ., I don’t know what directory you are running that from, so I don’t know what else is broken. For example, if you ran that command on everything that is normally in /home/user-data/, then you will find that anything needing to use the TLS server keys will eventually no longer work because there are specific ownership and permissions requirements on the private keys.

MiaB, when installed, configures the permissions automatically, so what isn’t clear is the reason for configuring the server other than how the install scripts configured the server.

Running sudo mailinabox may resolve permissions issue, at least as far as ownership and permissions on each directory and file.

#9

I have ran the permission commands on the folder where miab 0.56 is installed.
/mnt/data/miab

I have not changed the permission anywhere else.

Now I get many errors when I change the permission on anything else then 777.
sudo chmod 775 -R miab
or
sudo chmod 770 -R miab
Both will not work.

I’m trying to run the installation again with “sudo mailinabox”
But it is not working:

Updating system packages…
Installing system packages…
Initializing system random number generator…
Firewall is active and enabled on system startup
Installing nsd (DNS server)…
Installing Postfix (SMTP server)…
Installing Dovecot (IMAP server)…
Installing OpenDKIM/OpenDMARC…
Installing SpamAssassin…
Installing Nginx (web server)…
Installing Roundcube (webmail)…
Installing Nextcloud (contacts/calendar)…

FAILED: sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard

Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /usr/local/lib/owncloud/lib/private/Console/Application.php:168
Stack trace:
#0 /usr/local/lib/owncloud/console.php(99): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#1 {main}-----------------------------------------

#10

I dont think that by default that MiaB works on path /mnt/data/miab

#11

The reason I have changed the permission is because I was trying to fix the permission issue that netcloud was giving.

#12

It’s been working like this for many years.
Running the setup again has now render the server not functional at all.

FAILED: sudo -u www-data php /usr/local/lib/owncloud/console.php app:disable firstrunwizard

Your data directory is readable by other users
Please change the permissions to 0770 so that the directory cannot be listed by other users.

An unhandled exception has been thrown:
Exception: Environment not properly prepared. in /usr/local/lib/owncloud/lib/private/Console/Application.php:168
Stack trace:
#0 /usr/local/lib/owncloud/console.php(99): OC\Console\Application->loadCommands(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#1 {main}-----------------------------------------

#13

is it a symbolic link?

#14

No, it’s a hard drive dedicated to miab

#15

I’m guessing that is why things are having problems in the install script. I think it assumes everything is under /home/user-data/

#16

No, I have installed many version of miab and everything has always worked. It’s broken because I change the freaking permissions and now I cannot install it again. This is so weird that it broke everything like that.

#17

Since /mnt/data/miab is not a standard directory configured by MiaB, I don’t know what is in that directory. Please post the output of:

$ ll /mnt/data/miab

You can also try running the install script

curl -s https://mailinabox.email/setup.sh | sudo -E bash

However, this is just guessing right now. You might try posting in the slack channel, but my guess is that you may need to restore from your most recent backup or manually correct all the file permissions.

I strongly recommend when you have a problem with MiaB to post it here as changes to the system can be either a monumental task to fix or in some cases irreparable.

#18

xxxx@box:/mnt/data/miab$ ll /mnt/data/miab
total 44
drwxrwxrwx 9 mail mail 4096 Dec 10 2020 ./
drwxr-xr-x 3 root root 4096 Jan 14 2021 …/
drwxrwxrwx 4 mail mail 4096 Dec 11 2020 backup/
drwxrwxrwx 3 mail mail 4096 Dec 11 2020 dns/
drwxrwxr-x 7 root www-data 4096 May 7 15:33 mail/
-rwxrwxrwx 1 mail mail 3 Nov 2 2021 mailinabox.version*
drwxrwxrwx 28 mail mail 4096 May 11 14:06 owncloud/
drwxrwxrwx 6 mail mail 4096 Feb 8 09:21 owncloud-backup/
-rwxrwxrwx 1 mail mail 15 Dec 10 2020 settings.yaml*
drwxrwxrwx 3 mail mail 4096 Apr 27 04:00 ssl/
drwxrwxrwx 5 user-data mail 4096 Nov 5 2021 www/
pmercier@box:/mnt/data/miab$

#19

Somehow there are no .files. Just to confirm, does ls -alhF /mnt/data/miab print the same?

#20

image

This folder:/mnt/data/miab
is where all my data is stored.