Hi Gabriel,
I'm trying to implement what you suggested using apache mod_userdir with
===
UserDir /srv/dovecot
<DirectoryMatch "^/srv/dovecot/(?<WHICHUSER>[^/]+)">
Require user %{env:MATCH_WHICHUSER}
DirectoryIndex .dovecot.sieve.log
...
</DirectoryMatch>
===
I still need to find how to set up right permissions for these logs without too much brute force.
It looks like this way I can get what I want, but I really hoped to find some better way: my Roundcube installation is on the load-balanced web farm and there is no and should not be a file access to these logs. I think such a feature as Sieve compiler must have some standard way to say what is wrong to the author of the Sieve script.
--