[Dovecot] sievec - manual compile of global sieve scripts?
Stephan Bosch
stephan at rename-it.nl
Tue Aug 2 15:45:33 EEST 2011
On 8/2/2011 2:32 PM, Thomas Harold wrote:
> On 8/1/2011 8:43 PM, Stephan Bosch wrote:
>> On 8/1/2011 10:11 PM, Thomas Harold wrote:
>>> How do you compile global scripts using the sievec command without
>>> making the script directory owned (and group writable) by the vmail
>>> user?
>>>
>>> http://wiki2.dovecot.org/Pigeonhole/Sieve/Usage
>>>
>>> # cd /etc/dovecot/sieve/before/
>>> # (edit some script like spam.sieve that runs for everyone)
>>> # /usr/local/bin/sievec spam.sieve spam.svbin
>>>
>>> sievec(root): Error: sieve: binary save: failed to create temporary
>>> file: open(spam.svbin.hostname.26921.) in directory
>>> /etc/dovecot/sieve/before failed: Permission denied (euid=5000(vmail)
>>> egid=5000(vmail) missing +w perm: /etc/dovecot/sieve/before, euid is
>>> not dir owner)
>>
>> Why are you executing sievec as vmail in the first place? You should be
>> able to run it as root or any other user you use to manage global sieve
>> scripts.
>>
>
> Sorry, I may not have been clear before, I am trying to run sievec as
> root. So the error is confusing to me because it looks like sievec is
> trying to drop privs and do the compile as the vmail user. I haven't
> done anything special to the sievec file (like making it run as vmail
> or always run as root, SELinux is in permissive mode until I gather up
> enough entries in the audit log to make an audit2allow run useful).
>
> # ls -la /usr/local/bin
> -rwxr-xr-x 1 root root 123989 Aug 1 12:25 sievec
> -rwxr-xr-x 1 root root 119415 Aug 1 12:25 sieve-dump
> -rwxr-xr-x 1 root root 133592 Aug 1 12:25 sieve-test

What versions of Dovecot (obviously v2.0+) and Pigeonhole are you using
and what is your config (show dovecot -n output)?

I suspect there may be a bug.

Regards,

Stephan.