Hello,
I am updating dovecot, from Debian Stretch to Buster, and I have an issue with the managesieve service:
Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=120(<getpwuid() error>) egid=128(<getgrgid() error>) missing +x perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=120(<unknown>) egid=128(<unknown>) missing +x perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
The two folders I found with these permissions are /run/dovecot/login and /run/dovecot/token-login. Both folders belong to root:dovecot.
If I change the permissions of the following folders, like this:
chmod 0775 /run/dovecot/login
chmod 0775 /run/dovecot/token-login
Then, dovecot managesieve is working, but this is just a test, I suppose the service should run with a specific user?
Do you have any idea on what is wrong here?
If I restart dovecot, I have an error message that states the permissions are wrong, and they are set again to 0770
Thanks, André Rodier
On Sat, 2020-03-28 at 15:14 +0000, André Rodier wrote:
> Hello,
> I am updating dovecot, from Debian Stretch to Buster, and I have an issue with the managesieve service:
> Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=120(<getpwuid() error>) egid=128(<getgrgid() error>) missing +x perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
> Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=120(<unknown>) egid=128(<unknown>) missing +x perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
> The two folders I found with these permissions are /run/dovecot/login and /run/dovecot/token-login. Both folders belong to root:dovecot.
> If I change the permissions of the following folders, like this:
> chmod 0775 /run/dovecot/login
> chmod 0775 /run/dovecot/token-login
> Then, dovecot managesieve is working, but this is just a test, I suppose the service should run with a specific user?
> Do you have any idea on what is wrong here?
> If I restart dovecot, I have an error message that states the permissions are wrong, and they are set again to 0770
> Thanks, André Rodier
Hi again,
I can fix it by using this:
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }

  # Run as an unprivileged user
  group = dovecot
  user = dovecot
}
Is it the right setting in terms of security?
Thanks again, André
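Added example (not part of the thread and not Dovecot code): a Python sketch that parses the denial quoted in the first message and replays the POSIX mode-bit check for the states discussed above: the logged 0770, the chmod 0775 test, and a process whose group is 127, which the post's ownership details (root:dovecot, 0:127) suggest is the dovecot group. Function names are hypothetical, and only mode bits are modelled (no ACLs or capabilities).

```python
import re

# Log line copied from the first message of this thread.
LOG = ("managesieve-login: Error: auth: connect(login) in directory / failed: "
       "Permission denied (euid=120(<getpwuid() error>) "
       "egid=128(<getgrgid() error>) missing +x perm: /, "
       "we're not in group 127, dir owned by 0:127 mode=0770)")

DENIAL = re.compile(
    r"euid=(\d+).*?egid=(\d+).*?dir owned by (\d+):(\d+) mode=([0-7]+)")

def parse_denial(line):
    """Extract the ids and directory mode Dovecot reports; None if absent."""
    m = DENIAL.search(line)
    if m is None:
        return None
    euid, egid, owner, group = (int(v) for v in m.groups()[:4])
    return {"euid": euid, "egid": egid, "owner": owner,
            "group": group, "mode": int(m.group(5), 8)}

def perm_class(euid, gids, owner, group):
    """POSIX picks exactly one class: owner, else group, else other."""
    if euid == owner:
        return "owner"
    return "group" if group in gids else "other"

def can_search(euid, gids, owner, group, mode):
    """True if the process may traverse (+x) the directory, mode bits only."""
    if euid == 0:  # root bypasses the mode bits
        return True
    shift = {"owner": 6, "group": 3, "other": 0}[perm_class(euid, gids, owner, group)]
    return bool((mode >> shift) & 1)

def scenarios(line):
    """Compare the failing state, the chmod test and the group-based fix."""
    d = parse_denial(line)
    o, g = d["owner"], d["group"]
    return {
        "as logged (0770)": can_search(d["euid"], {d["egid"]}, o, g, d["mode"]),
        "after chmod 0775": can_search(d["euid"], {d["egid"]}, o, g, 0o775),
        "unrelated uid 65534 after chmod 0775": can_search(65534, {65534}, o, g, 0o775),
        "egid 127 with 0770": can_search(d["euid"], {g}, o, g, d["mode"]),
    }

if __name__ == "__main__":
    for name, ok in scenarios(LOG).items():
        print(f"{name}: {'allowed' if ok else 'denied'}")
```

The third scenario shows that the chmod test grants traversal to every local account, while the fourth keeps the directory at 0770 and relies on group membership alone.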
Hi,
If I remember right, there are several path changes in 90-sieve.conf.
Did you check this?
--- Original Message ---
Subject: Re: managesieve user
From: "André Rodier"
To: "dovecot"
Date: 28-03-2020 16:29
> On Sat, 2020-03-28 at 15:14 +0000, André Rodier wrote:
> > Hello,
> > I am updating dovecot, from Debian Stretch to Buster, and I have an issue with the managesieve service:
> > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=120(<getpwuid() error>) egid=128(<getgrgid() error>) missing +x perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
> > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth: connect(login) in directory / failed: Permission denied (euid=120(<unknown>) egid=128(<unknown>) missing +x perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
> > The two folders I found with these permissions are /run/dovecot/login and /run/dovecot/token-login. Both folders belong to root:dovecot.
> > If I change the permissions of the following folders, like this:
> > chmod 0775 /run/dovecot/login
> > chmod 0775 /run/dovecot/token-login
> > Then, dovecot managesieve is working, but this is just a test, I suppose the service should run with a specific user?
> > Do you have any idea on what is wrong here?
> > If I restart dovecot, I have an error message that states the permissions are wrong, and they are set again to 0770
> > Thanks, André Rodier
> Hi again,
> I can fix it by using this:
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>
>   # Run as an unprivileged user
>   group = dovecot
>   user = dovecot
> }
> Is it the right setting in terms of security?
> Thanks again, André