foxcpp / maddy

✉️ Composable all-in-one mail server.
https://maddy.email
GNU General Public License v3.0
4.95k stars 239 forks

Correct setup doc #639

Open clsty opened 10 months ago

clsty commented 10 months ago

Add two lines of commands to the Installation guide.

As for my test, it won't work without either of these lines.

foxcpp commented 7 months ago

Wondering why systemd doesn't do it already since we set StateDirectory and RuntimeDirectory.

Except in case of ConfigurationDirectory=, the innermost specified directories will be owned by the user and group specified in User= and Group=. If the specified directories already exist and their owning user or group do not match the configured ones, all files and directories below the specified directories as well as the directories themselves will have their file ownership recursively changed to match what is configured.

Same goes for capabilities:

```ini
AmbientCapabilities=CAP_NET_BIND_SERVICE
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
```
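A quick way to confirm what systemd actually applied after `systemctl daemon-reload` and a service start, added here as an example and not code from the maddy project or from anyone in this thread: it checks who owns the state and runtime directories and reads the capability bounding set of the running main process from `/proc`. The unit name, user and the `/var/lib/maddy` and `/run/maddy` paths are taken from this thread; the capability number for `CAP_NET_BIND_SERVICE` (10) comes from `linux/capability.h`.

```bash
#!/bin/bash
# Added example (not maddy project code): verify that StateDirectory=,
# RuntimeDirectory= and the capability directives were really applied
# to a running service. Assumed from the thread: unit maddy.service,
# user maddy, directories /var/lib/maddy and /run/maddy.

CAP_NET_BIND_SERVICE=10   # capability number from linux/capability.h

# dir_owned_by DIR USER -> success if DIR exists and is owned by USER.
dir_owned_by() {
    [ -d "$1" ] || return 1
    [ "$(stat -c %U "$1")" = "$2" ]
}

# capmask_has HEXMASK CAPNUM -> success if bit CAPNUM is set in the
# 64-bit hex mask, the format of the CapBnd:/CapEff: lines in
# /proc/PID/status.
capmask_has() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# service_capbnd UNIT -> prints the CapBnd mask of the unit's MainPID.
service_capbnd() {
    pid=$(systemctl show -p MainPID --value "$1") || return 1
    [ "$pid" -gt 0 ] 2>/dev/null || return 1
    awk '/^CapBnd:/ {print $2}' "/proc/$pid/status"
}

# check_service UNIT USER STATEDIR RUNTIMEDIR -> prints one line per
# check and fails if any check fails.
check_service() {
    unit=$1 user=$2 statedir=$3 runtimedir=$4 rc=0
    for d in "$statedir" "$runtimedir"; do
        if dir_owned_by "$d" "$user"; then
            echo "ok   $d owned by $user"
        else
            echo "FAIL $d missing or not owned by $user"; rc=1
        fi
    done
    mask=$(service_capbnd "$unit") || { echo "FAIL $unit has no main PID"; return 1; }
    if capmask_has "$mask" "$CAP_NET_BIND_SERVICE"; then
        echo "ok   $unit bounding set contains CAP_NET_BIND_SERVICE ($mask)"
    else
        echo "FAIL $unit bounding set lacks CAP_NET_BIND_SERVICE ($mask)"; rc=1
    fi
    return $rc
}

# Run the full check only when asked, so the functions can be sourced
# or tested without a running systemd.
case "${1:-}" in
    check) check_service maddy.service maddy /var/lib/maddy /run/maddy ;;
esac
```

Run it as `./check-maddy.sh check` on the host after the service has started; a `FAIL` on the directory lines reproduces the symptom described in this PR, and the `CapBnd` line tells you whether the bounding set was actually narrowed to `CAP_NET_BIND_SERVICE` as the unit file requests.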

foxcpp commented 7 months ago

AmbientCapabilities was added in systemd v229. StateDirectory was added in systemd v211.

What is your distribution/systemd version?

clsty commented 7 months ago
foxcpp commented 7 months ago

Is there anything in the system journal regarding maddy.service when you run systemctl daemon-reload or on service start? I wonder why directives in maddy.service are not applied.

clsty commented 7 months ago

I tried disabling maddy.service, removing those permissions and enabling it again; this time the permissions were applied automatically, just as you described.

However, this is not a fresh installation anymore. I can't tell why the first time it didn't work. My journalctl does not keep logs persistently.

Let me paste the log of the fresh installation (months ago) from .zsh_history though.

```bash
wget https://github.com/foxcpp/maddy/releases/download/v0.7.0/maddy-0.7.0-x86_64-linux-musl.tar.zst
unzstd maddy-0.7.0-x86_64-linux-musl.tar.zst
tar -xvf maddy-
tar -xvf maddy-0.7.0-x86_64-linux-musl.tar
cd maddy-0.7.0-x86_64-linux-musl
mkdir /etc/maddy
cp maddy.conf /etc/maddy
cp maddy maddyctl /usr/bin
cp systemd/*.service /etc/systemd/system
mkdir /etc/maddy
cp maddy.conf /etc/maddy
cp maddy /usr/bin
cp systemd/*.service /etc/systemd/system
ls /sbin
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
dnf install certbot
dnf install python-certbot-nginx
vim /etc/nginx/conf.d/maddy.conf
vim /etc/maddy/maddy.conf
ip a
lsblk -f
for i in 25 465 587 993 143;do lsof -i $i;done
for i in 25 465 587 993 143;do lsof -i:$i;done
for i in 25 465 587 993 143 443;do lsof -i:$i;done
ls -l /
ls -l /etc/certkey
ls -l /etc/
setfacl
setfacl -R -m u:maddy:rx /etc/certkey/cert.{key,pem}
setfacl -R -m u:maddy:rx /etc/certkey/cert.{key,pemm}
systemctl enable --now maddy.service
systemctl status maddy.service
vim /etc/maddy/maddy.conf
systemctl start maddy
journalctl -xeu maddy.service
systemctl status maddy.service
systemctl daemon-reload
clear
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
userdel maddy
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
userdel maddy
rm -rf /var/lib/maddy
useradd -mrU -s /sbin/nologin -d /var/lib/maddy -c "maddy mail server" maddy
systemctl start maddy
maddy
su maddy
maddy run
systemctl status maddy
systemctl start maddy
vifm /etc/systemd/system maddy-0.7.0-x86_64-linux-musl/systemd
mv /usr/bin/maddy /usr/local/bin/maddy
systemctl start maddy
maddy
which maddy
/usr/local/bin/maddy run
su - maddy -c /usr/local/bin/maddy run
runuser -l maddy -c '/usr/local/bin/maddy run'
chsh -s /bin/bash maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
ls /run/maddy
vifm /run/maddy
chown maddy:maddy /run/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
chown -R maddy:maddy /var/lib/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
chown -R maddy:maddy /run/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
lsof -i:25
netstat -tulpn | grep :25
setcap 'cap_net_bind_service=+ep' /usr/local/bin/maddy
runuser -l maddy -c '/usr/local/bin/maddy run'
systemctl start maddy
systemctl enable maddy
chown -R maddy:maddy /var/lib/maddy /run/maddy
setcap 'cap_net_bind_service=+ep' /usr/local/bin/maddy
```

NOTE: I use vifm (a TUI file manager) sometimes, so not all paths of edited files, nor all the cps and mvs, were logged.

Maybe it's because of SELinux? I'm not familiar with this thing, but could it be possible that once I gave the permission manually, the restriction disappeared so that systemd could add it for me after that?