Permission denied opening logfile

[lukos]

I have attempted to install prometheus-postfix-exporter as an ubuntu package but I cannot get it to work on 20.04 (permission denied opening the logfile), whereas it does work on another server 22.04 which seems to have the same config.

The documentation doesn't say anything about permissions anywhere but the service is installed as user prometheus which doesn't appear to have any special permissions or be added into any groups. For this reason, the permission denied problem makes sense to me and might simply point to needing some docs to say, "by the way, you have to setup relevant permissions etc." except for the fact that the other server works without these steps!

The docs say that this exporter will truncate the incoming log file which presumably means that the prometheus user needs to have write permissions to the log file. However, this doesn't actually seem to happen, I ran the exporter on the CLI as root and it ran up fine but didn't truncate the logfile (the metrics were all shown on port 9054 as expected)

So as you can see, I have got very confused. Since it does work as root, maybe it is just a permissions issue and maybe it is not actually supposed to truncate the file any more? I got the ubuntu instructions here: https://manpages.ubuntu.com/manpages/focal/man1/prometheus-postfix-exporter.1.html

Thanks

[lukos]

OK, so I found a bug/feature in rsyslog which makes it all confusing! In Ubuntu, rsyslog runs as syslog:syslog by default (not root:root as per Debian), this means that not all of the permission features that you are supposed to have in syslog configurations work as expected.

For example, I tried creating the second exporter log file as prometheus:prometheus so it could be read (and truncated) by the exporter but then realised this didn't work because syslog does not have permission to chown a file owned by someone else. I also noticed that the log file that this package is supposed to configure (under /var/log/prometheus/postfix-exporter) also wasn't create for similar reasons.

Eventually, the only way I could make it work was to let syslog create the files/create them manually and then set their permissions using sudo. I set the second log file to be syslog:prometheus so that syslog can write it and prometheus can read/truncate it. I then set the mail.log under /var/log/prometheus/postfix-exporter to prometheus:adm, which should have had a similar effect.

Anyway, the result is that data is logged to the second logfile that is recommended (since it gets truncated) but it is STILL not truncating after the metrics are read. I'm not sure whether the whole file should be consumed/truncated (as I am expecting) or whether it is more intelligent and will leave some data and delete the rest, which might be what is happening but this is still really hard to set up.

Ubuntu 22.04 btw.

[lukos]

Even more head-scratching, there are a number of things broken with the Ubuntu install and the documentation (both the generic and the ubuntu man page linked above).

• In the Ubuntu package, systemd is enabled by default. This is not documented and there is no mention of the effect of this vs the log file
• The ubuntu docs say that you should split the log file since it will be truncated. This is no longer true, the package tails it instead
• The package adds an entry for rsyslog which doesn't work in Ubuntu due to the permission issues mentioned above. The effect is that the default log file is never created. This has to be created manually although.
• Since the system doesn't truncate the file any more, it might as well point to the default postfix mail.log, in which case the rsyslog config is not required at all

Happy to do some PR stuff but need a steer on where I can change the docs for Ubuntu and what level of detail you want to avoid the docs getting too bloated. For example, I could add a section in readme.md which discusses the issues with Ubuntu. I personally don't know the systemd vs logfile difference either.