Basic question about file permissions for sieve error log
Hello,
I have an admittedly very basic question, but I am not able to get it to work.
I store my global sieve script in: /etc/dovecot. I recently made a mistake in my global sieve script which causes Dovecot to attempt to log the errors in: /etc/dovecot/sieve-global.log
In /var/log/dovecot.log I see:
Jul 24 15:33:32 lmtp(test@example.com): Error: ABVWGAx/V1uKLAAA1B5X9w: sieve: failed to open logfile (LOGGING TO STDERR): open(/etc/dovecot/sieve-global.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot, we're not in group 122(dovecot), dir owned by 0:122 mode=0775)
…but the group membership shows:
$ sudo -u vmail groups vmail dovecot
…and I restarted Dovecot, but the same error happens.
What am I doing wrong ?
Thanks,
- J
On 24.07.2018 22:58, J Doe wrote:
Hello,
I have an admittedly very basic question, but I am not able to get it to work.
I store my global sieve script in: /etc/dovecot. I recently made a mistake in my global sieve script which causes Dovecot to attempt to log the errors in: /etc/dovecot/sieve-global.log
In /var/log/dovecot.log I see:
Jul 24 15:33:32 lmtp(test@example.com): Error: ABVWGAx/V1uKLAAA1B5X9w: sieve: failed to open logfile (LOGGING TO STDERR): open(/etc/dovecot/sieve-global.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot, we're not in group 122(dovecot), dir owned by 0:122 mode=0775)
…but the group membership shows:
$ sudo -u vmail groups vmail dovecot
…and I restarted Dovecot, but the same error happens.
What am I doing wrong ?
Thanks,
- J
Hi!
Supplemental groups are not automatically added for processes. If you want to have this, you need to use mail_access_groups setting.
Though, storing log files under /etc is a *bad* idea, you should store them under /var/log/something instead. How about making /var/log/sieve, chown that to root:vmail 0770?
Aki
Op 24/07/2018 om 21:58 schreef J Doe:
Hello,
I have an admittedly very basic question, but I am not able to get it to work.
I store my global sieve script in: /etc/dovecot. I recently made a mistake in my global sieve script which causes Dovecot to attempt to log the errors in: /etc/dovecot/sieve-global.log
In /var/log/dovecot.log I see:
Jul 24 15:33:32 lmtp(test@example.com): Error: ABVWGAx/V1uKLAAA1B5X9w: sieve: failed to open logfile (LOGGING TO STDERR): open(/etc/dovecot/sieve-global.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot, we're not in group 122(dovecot), dir owned by 0:122 mode=0775)
…but the group membership shows:
$ sudo -u vmail groups vmail dovecot
…and I restarted Dovecot, but the same error happens.
What am I doing wrong ?
What is your configuration? "global" Sieve scripts like that normally don't cause user log files to be written.
Regards,
Stephan.
participants (3)
-
Aki Tuomi
-
J Doe
-
Stephan Bosch