Dovecot sieve pigeonhole permission

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 4 Aug 2015, Gerhard Wiesinger wrote:

>
> I'm running dovecot in a classical vmail.vmail setup with pigeonhole and 
> LMTP. Permission worked well in the initial setup but currently (maybe after 
> Fedora 22 update) I'm having the following permission issue:
>
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary open: failed to 
> open: open(/etc/dovecot/sieve_after.svbin) failed: Permission denied 
> (euid=9999(vmail) egid=9999(vmail) missing +r perm: 
> /etc/dovecot/sieve_after.svbin, we're not in group 0(root), dir owned by 0:0 
> mode=0755)

Did you honored the error log and added the read permission for the vmail 
user, which most likely means:

chmod a+r /etc/dovecot/sieve_after.svbin

> lmtp(root): Error: 7fPZFOL9wFXePQAABcdabc: sieve: binary save: failed to 
> create temporary file: 
> open(/etc/dovecot/sieve_after.svbin.myserver.mydomain.15838.) failed: 
> Permission denied (euid=9999(vmail) egid=9999(vmail) missing +w perm: 
> /etc/dovecot, dir owned by 0:0 mode=0755)
> lmtp(root): Error: 7fPZFOL9wFXePQAABcdcbc: sieve: The LDA Sieve plugin does 
> not have permission to save global Sieve script binaries; global Sieve 
> scripts like `/etc/dovecot/sieve_after.sieve' need to be pre-compiled using 
> the sievec tool

Did you compiled the script manually as described in the error log?

>
> rpm -V dovecot dovecot-pigeonhole
> doesn't report any permission issues
>
> Versions:
> dovecot-2.2.18-2.fc22.x86_64
> dovecot-pigeonhole-2.2.18-2.fc22.x86_64
>
> Relevant config parts:
> mail_gid = vmail
> mail_uid = vmail
>
> plugin {
>  sieve = ~/.dovecot.sieve
>  sieve_after = /etc/dovecot/sieve_after.sieve
>  sieve_dir = ~/sieve
> }
>
> ls -lad /etc/dovecot/
> drwxr-xr-x. 3 root root 4096 Jul 30 18:13 /etc/dovecot/
> ls -la /etc/dovecot/*sieve*
> -rwxr-x--- 1 vmail vmail 288 Aug  8  2014 /etc/dovecot/sieve_after.sieve
> -rw-r----- 1 root  root  355 Jul 30 18:13 /etc/dovecot/sieve_after.svbin
>
> What's are the recommended permissions for the files/directories (also for 
> root service startup of dovecot)?
> Did something change in permissions management?

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBVcHuIHz1H7kL/d9rAQK99wgAnp6aQJEioc/KbIWilj/JiNUJnWkMT090
DNvZBKXmGpD8IyNkAxvliVQyP3o8vbbBwaBMSoGXwlu7es9I1fKJI641pMgRNO/w
r1iYkjFtP/sq4GvHoPVkTrs6QzKxVXQJZGfqsLvqAG58kieUM94QSyor5/7xa/1q
XhGTH9ifJURqIDuwZkgcBKZPKJupd6+fyU8t9S27AVISjrPc5KVcuAh5yjYt2BrE
8cQRKysh+1xdLBswn4B/8jDcR9F04rjE2Py1AdmQpVjyC5AbfCbu9a9y5sCPuoEp
g8NTF+kRrO6Y7rXU8aZwgpa9ScDoDMijOovpi3B/5U2r/40qpC4b7w==
=bD4P
-----END PGP SIGNATURE-----