Hi Gabriel,
I'm trying to implement what you suggested using apache mod_userdir with
===
UserDir /srv/dovecot
<DirectoryMatch "^/srv/dovecot/(?<WHICHUSER>[^/]+)">
  Require user %{env:MATCH_WHICHUSER}
  DirectoryIndex .dovecot.sieve.log
...
</DirectoryMatch>
===
I still need to find how to set up right permissions for these logs without too much brute force.
It looks like this way I can get what I want, but I really hoped to find some better way: my Roundcube installation is on the load-balanced web farm and there is no and should not be a file access to these logs. I think such a feature as Sieve compiler must have some standard way to say what is wrong to the author of the Sieve script.
--
  Sergey.

On Fri, Feb 2, 2018 at 2:29 PM, Gabriel Kaufmann <mailings@typoworx.com> wrote:

Alternatively use a web-interface with read-only access to the log?

best regards

Gabriel Kaufmann