LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied (http://www.linuxquestions.org/questions/linux-server-73/open-lock-file-var-lib-postfix-master-lock-cannot-open-file-permission-denied-700674/)

gabsik 01-28-2009 10:01 PM

open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied
 
Hi LQ!
My postfix stopped working after complaining about permissions on its $data_directory which are:
Code:

root@mail:~# ls -ld /var/lib/postfix/
drwxrw-rw- 2 postfix postdrop 4096 2008-11-17 22:49 /var/lib/postfix/

That's after i have changed it to get it working but it was owned by root.
These are the permissions for the file inside the $data_direcoty i have not changed:
Code:

root@mail:~# ls -la /var/lib/postfix/
total 120
drwxrw-rw-  2 postfix postdrop  4096 2008-11-17 22:49 .
drwx------ 65 root    root      4096 2009-01-28 22:03 ..
-rw-rw-rw-  1 postfix postdrop    17 2009-01-27 01:47 master.lock
-rw-rw-rw-  1 postfix postdrop  1024 2009-01-28 23:19 prng_exch
-rw-rw-rw-  1 postfix postdrop 16384 2008-11-17 21:28 smtpd_scache.db
-rw-rw-rw-  1 postfix postdrop 24576 2009-01-28 23:18 smtpd_tls_session_cache.db
-rw-rw-rw-  1 postfix postdrop  8192 2008-11-17 21:10 smtp_scache.db
-rw-rw-rw-  1 postfix postdrop 53248 2009-01-28 22:56 smtp_tls_session_cache.db

The logs started complaining about tlsmgr not able to open PNRG file:
Code:

Jan 28 23:41:47 mail postfix/tlsmgr[11160]: fatal: tls_prng_exch_open: cannot open PRNG exchange file /var/lib/postfix/prng_exch: Permission denied
Jan 28 23:41:48 mail postfix/master[6728]: warning: process /usr/lib/postfix/tlsmgr pid 11160 exit status 1

.
Than postfix stopped running because not able to open its lockfile:
Code:

fatal: open lock file /var/lib/postfix/master.lock: cannot open file: Permission denied
This is my main.cf.
Code:

alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = $mydomain
delay_warning_time = 4h
disable_dns_lookups = yes
disable_vrfy_command = yes
home_mailbox = Maildir/
html_directory = no
inet_interfaces = all
inet_protocols = all
local_recipient_maps =
mail_owner = postfix
mailbox_command =
mailbox_size_limit = 0
masquerade_domains = domain.com
masquerade_exceptions = root
mydestination = $mydomain, mail.$mydomain ,smtp.$mydomain ,pop.$mydomain ,www.$mydomain ,ns2.$mydomain ,argo.$mydomain,localhost,/etc/postfix/mixmaster_domains
mydomain = domain.com
myhostname = mail.$mydomain
mynetworks = 127.0.0.0/8 , 192.168.1.0/24, 10.0.0.0/8
mynetworks_style = subnet
myorigin = $mydomain
queue_directory = /var/spool/postfix
recipient_delimiter = +
relay_domains = hash:/etc/postfix/relay_domains
relayhost = [smtp.relayhost]:587
setgid_group = postdrop
smtp_sasl_auth_enable = yes
smtp_sasl_mechanism_filter = plain,login
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =
smtp_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_cert_file = /etc/postfix/ssl/cert.pem
smtp_tls_exclude_ciphers = aNULL
smtp_tls_fingerprint_cert_match = 51:20:AA:D3:1C:2B:5E:51:01:78:90:DE:6F:09:3D:EE:03:CF:69:85
smtp_tls_fingerprint_digest = sha1
smtp_tls_key_file = /etc/postfix/ssl/key.pem
smtp_tls_mandatory_exclude_ciphers = RC4
smtp_tls_mandatory_protocols = SSLv2, SSLv3, TLSv1
smtp_tls_note_starttls_offer = yes
smtp_tls_policy_maps = hash:/etc/postfix/tls_per_site
smtp_tls_security_level = fingerprint
smtp_tls_session_cache_database = ${data_directory}/smtp_tls_session_cache
smtpd_banner = $myhostname ESMTP $mail_name (Free/OS)
smtpd_client_restrictions = reject_unauth_hostname,        reject_invalid_hostname,        permit_mynetworks,        permit_tls_all_clientcerts,        permit_sasl_authenticated,        check_recipient_access hash:/etc/postfix/client_access.txt,        reject_rbl_client zen.spamhaus.org,        reject_rbl_client combined.njabl.org,        reject_rbl_client bl.spamcop.net,        reject_rhsbl_client rhsbl.sorbs.net,        permit
smtpd_error_sleep_time = 0
smtpd_helo_required = no
smtpd_reject_unlisted_sender = no
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_path = private/auth
smtpd_sasl_security_options = noanonymous
smtpd_sasl_type = dovecot
smtpd_starttls_timeout = 300s
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_cert_file = /etc/postfix/ssl/cert.pem
smtpd_tls_key_file = /etc/postfix/ssl/key.pem
smtpd_tls_received_header = no
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = ${data_directory}/smtpd_tls_session_cache
smtpd_use_tls = yes
soft_bounce = yes
strict_rfc821_envelopes = no
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_source = dev:/dev/urandom

One last thing :
do they look regular permissions on $spool_directory:
Code:

root@mail:~# ls -ld /var/spool/postfix/
drwxr-xr-x 21 root root 4096 2008-11-17 02:56 /var/spool/postfix/

and inside:
Code:

root@mail:~# ls -la /var/spool/postfix/
total 84
drwxr-xr-x 21 root    root    4096 2008-11-17 02:56 .
drwxr-xr-x 12 root    root    4096 2009-01-11 06:50 ..
drwx------  2 postfix root    4096 2009-01-28 23:46 active
drwx------  2 postfix root    4096 2008-11-28 10:58 bounce
drwx------  2 postfix root    4096 2008-11-17 01:58 corrupt
drwx------ 18 postfix root    4096 2008-11-28 06:40 defer
drwx------ 18 postfix root    4096 2008-11-28 06:40 deferred
drwxr-xr-x  2 root    root    4096 2008-09-14 16:09 dev
drwxr-xr-x  3 root    root    4096 2009-01-29 04:04 etc
drwx------  2 postfix root    4096 2009-01-17 00:01 flush
drwx------  2 postfix root    4096 2008-11-17 01:58 hold
drwx------  2 postfix root    4096 2009-01-28 23:41 incoming
drwxr-xr-x  2 root    root    4096 2009-01-29 04:04 lib
drwx-wx--T  2 postfix postdrop 4096 2009-01-29 03:58 maildrop
drwxr-xr-x  2 postfix root    4096 2009-01-28 20:37 pid
drwx------  2 postfix root    4096 2009-01-28 23:57 private
drwx--s---  2 postfix postdrop 4096 2009-01-27 01:47 public
drwx------  2 postfix root    4096 2008-11-17 01:58 saved
drwx------  2 postfix root    4096 2009-01-28 20:37 trace
drwxr-xr-x  3 root    root    4096 2008-11-17 01:55 usr
drwxr-xr-x  3 root    root    4096 2008-11-17 02:56 var

I have tried to use also this directory as data directory but with no success , at this stage i could say i'm a little confused about ownerships and permissions of postfix directory and file and home dirs etc.
I hope i gave all the infos necessary to help me out , the problem is really urgent , whatever else you need just ask , thanks !!!

auximini 01-28-2009 10:37 PM

What distribution are you using? Is AppArmor or SELinux also installed?

gabsik 01-30-2009 12:39 PM

It's in my LQ references under my name gabsik ... anyway it's debian !
No Selinux it's not enabled .

ca_mongrel 08-06-2009 01:14 AM

Similar problem
 
This question is directed to Gabsik... Did you solve your problem? If so, what was the issue? I have the same message regarding inability to open master.lock due to permission denied. My Postfix server has been running fine for months, and this suddenly happened. I have not touched the relevant directories or files.

tibal 01-23-2010 01:23 PM

Hi

I had this problem, just after installing a tarball with tar xfz code.tar.gz -C / . . While this has nothing to do with Postfix, my email server didn't restarted after that.
If you read my message I bet you are experiencing the same issue about master.lock permissions, and you double checked carefully it's mode as well as parent directories. But did you check the root directory ???

Code:

# ls -ld /
drwx------ 16 root root 4096 2010-01-02 13:56 /

If you get the same result, then you're not far from resolving your Postfix problem :)
Actually 700 is a bad mode for the root !
Just change it to a regular 755 value.

Code:

# chmod 755 /
# ls -ld /
drwxr-xr-x 16 root root 4096 2010-01-02 13:59 /

And hopefully you'll get Postfix chrooting happily :)

Cheers!

jonasd1986 05-23-2011 10:40 AM

master.lock
 
For me it had to be file master.lock like postfix owner ant postfix group

chown postfix /var/lib/postfix/master.lock
chgrp postfix /var/lib/postfix/master.lock

/etc/init.d/postfix restart

mictai 08-30-2012 10:39 PM

setenforce 0
 
i don't know why that i set "setenforce 0" ,my postfix does work again


All times are GMT -5. The time now is 10:10 AM.