[Dovecot] sievec - manual compile of global sieve scripts?

Mon Aug 1 23:11:32 EEST 2011

How do you compile global scripts using the sievec command without 
making the script directory owned (and group writable) by the vmail user?

http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage

# cd /etc/dovecot/sieve/before/
# (edit some script like spam.sieve that runs for everyone)
# /usr/local/bin/sievec spam.sieve spam.svbin

sievec(root): Error: sieve: binary save: failed to create temporary 
file: open(spam.svbin.hostname.26921.) in directory 
/etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail) 
egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is not 
dir owner)

# ls -la /etc/dovecot/sieve/before/
drwxrwxr-x 2 root root 4096 Aug  1 15:56 .
drwxr-xr-x 5 root root 4096 Aug  1 13:23 ..
-rw-rw-r-- 1 root root  477 Aug  1 15:33 spam.sieve

Or do I just make the /etc/dovecot/sieve/ tree owned and writable by the 
vmail:vmail user? (Which worked, but seems like a bad idea.)

Output of dovecot -n

# 2.0.13: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.18-274.el5 x86_64 Red Hat Enterprise Linux Server 
release 5.7 (Tikanga)
auth_verbose_passwords = sha1
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
listen = 127.0.0.1, 1.2.3.4
mail_gid = vmail
mail_home = /var/vmail/%d/%n
mail_location = maildir:~/Maildir
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope 
encoded-character vacation subaddress comparator-i;ascii-numeric 
relational regex imap4flags copy include variables body enotify 
environment mailbox date
mbox_write_locks = fcntl
passdb {
   args = /etc/dovecot/conf.d/dovecot-sql.conf.ext
   driver = sql
}
plugin {
   sieve = ~/.dovecot.sieve
   sieve_after = /etc/dovecot/sieve/after/
   sieve_before = /etc/dovecot/sieve/before/
   sieve_dir = ~/sieve
   sieve_global_dir = /etc/dovecot/sieve/globalinclude/
}
protocols = imap pop3 lmtp sieve
service auth {
   unix_listener /var/spool/postfix/private/auth {
     mode = 0666
   }
   unix_listener auth-userdb {
     group = vmail
     user = vmail
   }
}
service imap-login {
   process_min_avail = 5
}
service pop3-login {
   inet_listener pop3 {
     address = 1.2.3.4
   }
   inet_listener pop3s {
     address = 1.2.3.4
   }
}
ssl = required
ssl_cert = </etc/pki/tls/private/certs/example_com.crt
ssl_key = </etc/pki/tls/private/example_com.key
protocol lda {
   log_path = /var/log/dovecot/dovecot-lda
   mail_plugins = " sieve"
}