Kozea / Radicale

A simple CalDAV (calendar) and CardDAV (contact) server.
https://radicale.org
GNU General Public License v3.0

500 Permission error #1614

Open MateuSai opened 1 day ago

MateuSai commented 1 day ago

Hi, I installed Radicale from apt. I followed the documentation; the configuration is basically the default:

# -*- mode: conf -*-
# vim:ft=cfg

# Config file for Radicale - A simple calendar server
#
# Place it into /etc/radicale/config (global)
# or ~/.config/radicale/config (user)
#
# The current values are the default ones

[server]

# CalDAV server hostnames separated by a comma
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
hosts = 192.168.10.171:5232

# Max parallel connections
#max_connections = 8

# Max size of request body (bytes)
#max_content_length = 100000000

# Socket timeout (seconds)
#timeout = 30

# SSL flag, enable HTTPS protocol
#ssl = False

# SSL certificate path
certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem

# SSL private key
key = /etc/ssl/private/ssl-cert-snakeoil.key

# CA certificate for validating clients. This can be used to secure
# TCP traffic between Radicale and a reverse proxy
#certificate_authority =

[encoding]

# Encoding for responding requests
#request = utf-8

# Encoding for storing local collections
#stock = utf-8

[auth]

# Authentication method
# Value: none | htpasswd | remote_user | http_x_remote_user
type = htpasswd

# Htpasswd filename
htpasswd_filename = /etc/radicale/users

# Htpasswd encryption method
# Value: plain | bcrypt | md5
# bcrypt requires the installation of radicale[bcrypt].
#htpasswd_encryption = md5

# Incorrect authentication delay (seconds)
#delay = 1

# Message displayed in the client when a password is needed
#realm = Radicale - Password Required

[rights]

# Rights backend
# Value: none | authenticated | owner_only | owner_write | from_file
type = from_file

# File for rights management from_file
file = /etc/radicale/rights

[storage]

# Storage backend
# Value: multifilesystem
#type = multifilesystem

# Folder for storing local collections, created if not present
filesystem_folder = /var/lib/radicale/collections

# Delete sync token that are older (seconds)
#max_sync_token_age = 2592000

# Command that is run after changes to storage
# Example: ([ -d .git ] || git init) && ([ -e .gitignore ] || printf '.Radicale.cache\n.Radicale.lock\n.Radicale.tmp-*\n' > .gitignore) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
#hook =

[web]

# Web interface backend
# Value: none | internal
#type = internal

[logging]

# Threshold for the logger
# Value: debug | info | warning | error | critical
#level = warning

# Don't include passwords in logs
#mask_passwords = True

[headers]

# Additional HTTP headers
#Access-Control-Allow-Origin = *

To run radicale I'm using the systemctl service, which was installed automatically when I installed radicale using apt. The service runs radicale with the radicale user. I could not access the web server because of the error "[ERROR] An exception occurred during GET request on '/.web/': [Errno 13] Permission denied: '/var/lib/radicale/collections/.Radicale.lock'", which I fixed by changing the owner of that file to radicale:radicale.

But now I'm getting the same error when I try to load or create an address book:

11月 06 15:12:42 pop-os env[157324]: [2024-11-06 15:12:42 +0100] [157324/Thread-4 (process_request_thread)] [ERROR] An exception occurred during PUT request on '/mateu/c33c6926-9344-1f84-9072-f3a4d5f0d1c1/': [Errno 13] Permission denied: '/var/lib/radicale/collections/collection-root/mateu/.Radicale.tmp-j4_049wa'
11月 06 15:19:46 pop-os env[157324]: [2024-11-06 15:19:46 +0100] [157324/Thread-6 (process_request_thread)] [ERROR] An exception occurred during MKCOL request on '/mateu/b675910f-8620-f874-5e68-6899f667d9e8/': [Errno 13] Permission denied: '/var/lib/radicale/collections/collection-root/mateu/.Radicale.tmp-iaxg_yx7'

If, instead of the service, I execute radicale with sudo radicale, it works correctly, so for some reason the user radicale can't access the files in the collections directory. Any idea how I can fix that?

pbiering commented 1 day ago

Either SELinux or a systemd service file having too many restrictions active. There were similar reports in the past; please check closed issues, discussions and the Wiki.

MateuSai commented 15 hours ago

None of the closed issues or wiki helped me. I fixed it by adding StateDirectory=radicale to the service file. I don't know if I'm the only one with that problem; shouldn't systemd behave the same way on all systems?

Anyway, it's working now, thanks for making radicale and for the answer.
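
The following is an added example, not part of the thread and not code from Radicale or any distribution package. It shows one way the systemd restriction mentioned above can produce `[Errno 13]` on the storage folder, and why `StateDirectory=radicale` resolves it: the function reads a unit file and reports whether its mount sandbox leaves `filesystem_folder` writable. The sample unit is constructed, the function names are hypothetical, and file ownership (the `chown` fix from the first comment) is a separate check that this code does not perform.

```python
import posixpath

# Constructed sample unit for illustration; not any distribution's real file.
SAMPLE_UNIT = """\
[Service]
User=radicale
ExecStart=/usr/bin/env python3 -m radicale
ProtectSystem=strict
PrivateTmp=true
"""


def parse_service(unit_text):
    """Collect [Service] directives; repeats accumulate, an empty value resets."""
    opts, section = {}, None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if value:
                opts.setdefault(key, []).extend(value.split())
            else:
                opts[key] = []
    return opts


def writable_roots(opts):
    """Paths the unit leaves writable: ReadWritePaths= plus /var/lib/<StateDirectory>."""
    roots = [p.lstrip("-+") for p in opts.get("ReadWritePaths", [])]
    roots += [posixpath.join("/var/lib", d.split(":")[0])
              for d in opts.get("StateDirectory", [])]
    return [posixpath.normpath(r) for r in roots]


def sandbox_allows_write(unit_text, folder):
    """True if the unit's mount sandbox does not make `folder` read-only."""
    opts = parse_service(unit_text)
    if (opts.get("ProtectSystem") or ["no"])[-1] != "strict":
        return True  # only "strict" makes /var read-only
    folder = posixpath.normpath(folder)
    return any(folder == r or folder.startswith(r + "/")
               for r in writable_roots(opts))


if __name__ == "__main__":
    target = "/var/lib/radicale/collections"  # filesystem_folder from the config above
    print(sandbox_allows_write(SAMPLE_UNIT, target))
    print(sandbox_allows_write(SAMPLE_UNIT + "StateDirectory=radicale\n", target))
```

To run it against a real installation, pass the text printed by `systemctl cat` for the service (the unit name depends on the package) in place of `SAMPLE_UNIT`.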