Unable to write *.sieve files while Dovecot is running
I noticed lately that I can no longer modify *.sieve files while Dovecot is running. Write operations appear not to be permitted anymore:
$ echo >> example.sieve zsh: permission denied: example.sieve
Text editors like vim cannot write either. Since I used to be able to modify Sieve source files on the fly, I am wondering if the behaviour I see nowadays is intentional?
Doveconf reports the following versions:
# 2.3.14.1 (9f0cfb6426): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.14 (1b5c82b2) # OS: Linux 5.17.1-gentoo-r1-x86_64 x86_64 Gentoo Base System release 2.7
-Ralph
On 2022-04-07 15:16, Ralph Seichter wrote:
$ echo >> example.sieve zsh: permission denied: example.sieve
where does https://wiki.dovecot.org dokument it supported ?
Am 07.04.2022 um 15:16 schrieb Ralph Seichter:
I noticed lately that I can no longer modify *.sieve files while Dovecot is running. Write operations appear not to be permitted anymore:
$ echo >> example.sieve zsh: permission denied: example.sieve
Text editors like vim cannot write either. Since I used to be able to modify Sieve source files on the fly, I am wondering if the behaviour I see nowadays is intentional?
IMHO dovecot only consumes the bytecode sieve filter, not the plain text source file based on which the bytecode get generated.
I would be your issue is cause by unix permissions or by MAC systems like grsecurity, SELinux or Apparmor.
Alexander
On 2022-04-07 19:38, Alexander Dalloz wrote:
Am 07.04.2022 um 15:16 schrieb Ralph Seichter:
I noticed lately that I can no longer modify *.sieve files while Dovecot is running. Write operations appear not to be permitted anymore:
$ echo >> example.sieve zsh: permission denied: example.sieve
Text editors like vim cannot write either. Since I used to be able to modify Sieve source files on the fly, I am wondering if the behaviour I see nowadays is intentional?
IMHO dovecot only consumes the bytecode sieve filter, not the plain text source file based on which the bytecode get generated.
I would be your issue is cause by unix permissions or by MAC systems like grsecurity, SELinux or Apparmor.
Alexander
It could be just the case its with the default sieve file which is precompiled before starting Dovecot using sievec command while with user sieve scripts, its read and compiled everytime user receives an email and it should be writable from terminal while dovecot is running, though you will need to configure ManageSieve plugin for this to work, while its being said, it is valid if the issue it is not as a result of OS integrity enforcement like what Alexander has suggested.
Zakaria.
- Alexander Dalloz:
IMHO dovecot only consumes the bytecode sieve filter, not the plain text source file based on which the bytecode get generated.
Quoting the sievec(1) manual page:
[...] Dovecot's LDA process will first look for a binary file "dovecot.svbin" when it needs to execute "dovecot.sieve". It will compile a new binary when it is missing or outdated.
Changing the *.sieve file has always been sufficient. Manually invoking sievec is just something I do because it will tell me right away if my latest changes introduced a syntactic mistake.
I would be your issue is cause by unix permissions or by MAC systems like grsecurity, SELinux or Apparmor.
That comment of yours got me experimenting today. I stopped Deovecot and messed about with the example.siev e file. Finally, I renamed it to old.sieve, and then used
cat old.sieve > example.sieve
to create a fresh file with with the old content. I can now once again modify example.sieve while Dovecot is running, and Dovecot recompiles it to example.svbin as necessary.
While I don't know how the original *.sieve file got "broken" in terms of permissions or special attributes, it appears that it was indeed a local issue unrelated to Dovecot itself. My apologies, and thanks.
-Ralph
On 7. Apr 2022, at 16.16, Ralph Seichter <ralph@ml.seichter.de> wrote:
I noticed lately that I can no longer modify *.sieve files while Dovecot is running. Write operations appear not to be permitted anymore:
$ echo >> example.sieve zsh: permission denied: example.sieve
Text editors like vim cannot write either. Since I used to be able to modify Sieve source files on the fly, I am wondering if the behaviour I see nowadays is intentional?
Dovecot does not keep the files open or protect them against modifications. It is most likely some security feature in your operating system that blocks the modifications.
Sami
participants (5)
-
Alexander Dalloz
-
Benny Pedersen
-
hi@zakaria.website
-
Ralph Seichter
-
Sami Ketola