Permission denied ... failed to expand dkim_private_key: failed to open /srv/somedomain.co.uk/config/dkim.key

Problem Description

A string of entries in /etc/log/exim4/paniclog, which suggest a permissions issue with the dkim.key file.

Looks like they date back to enabling DKIM a week or so ago, which all looked fine and dandy, but now not so sure.

The group / owner permissions are, as I would have expected, set to sympl:sympl

I think all sent mail was throwing up the error, but they are otherwise getting sent ok.

I then found a thread on this problem here: https://forum.bytemark.co.uk/t/dkim-permission-denied/2990/22

I made the changes suggested, but there is a process that resets the permissions, as my changes didn’t stick.

However the problem does seem to have gone away since the permissions change I made a few days ago.

Any Error Messages

2019-10-25 18:42:33 1iO3bb-0000CU-3J failed to expand dkim_private_key: failed to open /srv/somedomain.co.uk/config/dkim.key: Permission denied (euid=109 egid=1000)
2019-10-27 07:15:09 1iOclX-0001jm-7s failed to expand dkim_private_key: failed to open /srv/somedomain.co.uk/config/dkim.key: Permission denied (euid=109 egid=1000)
2019-10-27 07:20:07 1iOcqK-0001pJ-QA failed to expand dkim_private_key: failed to open /srv/somedomain.co.uk/config/dkim.key: Permission denied (euid=109 egid=1000)

etc…

Environment

  • Sympl Version [9.0]:
  • Debian Version [Stretch]:
  • Hardware Type? [Virtual]
  • Sympl Testing Version? [No]
  • Host? Mythic

I had this a long time ago when testing before release. Pretty sure it was fixed.

Maybe there’s been a regression?

Quickest workaround would be to chgrp the file to the same group as exim runs in, and make sure it’s group readable I think.

Andy

Yea, this was supposed to be fixed a few weeks ago.

@aye_philip Can you run sympl update and see if there’s any updated packages (if you made any changes, they may be preventing an automatic update).

If not, run dpkg -l | grep 'ii sympl-' | awk '{ print $2 " " $3 }' to get the list of current versions, and I’ll take a closer look.

Thanks @adhawkins @Kelduum

I did fiddle with the ownership/permissions and the errors did go away.

On checking this morning the ownership and permissions had reverted, strange to say the least.

@Kelduum

It all looked up to date on running sympl update.

Here is what I have:

sudo dpkg -l | grep 'sympl-' | awk '{ print $2 " " $3 }
sympl-backup 9.0.190731.0
sympl-core 9.0.191017.0
sympl-cron 9.0.190719.0
sympl-dns 9.0.190611.0
sympl-firewall 9.0.190816.0
sympl-ftp 9.0.190624.0
sympl-mail 9.0.191004.0
sympl-monit 9.0.190706.0
sympl-mysql 9.0.190731.0
sympl-phpmyadmin 9.0.190706.0
sympl-updater 9.0.190611.0
sympl-web 9.0.190709.0
sympl-webmail 9.0.190619.0