Sieve permissions issue following update [solved]

Steffen Kaiser skdovecot at smail.inf.fh-brs.de
Thu Dec 11 10:01:23 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 11 Dec 2014, David Gessel wrote:

> and watching the logs:
> dovecot: lda(gessel at blackrosetech.com): sieve: msgid=<CAFOe2y4kDushW=u6_cN1JmsP1FF63BzJ5O8=VjquHNaNAnskFw at mail.gmail.com>: stored mail into mailbox 'INBOX'
>
> Success!

:-)

> The permissions correction portion of the error below still seems wrong though, isn't it? And if so, a little misleading.
>
> Dec  9 00:09:59 mailhost dovecot: lda(gessel at domain.com): Error: sieve: binary save: failed to create temporary file: open(/usr/local/etc/dovecot/sieve/10-move-spam.svbin.mailhost.domain.com.114.) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /usr/local/etc/dovecot/sieve, we're not in group 6(mail), dir owned by 143:6 mode=0775)

Well, the error is not wrong by itself. An user gets a new message, in 
order to run the user's Sieve script, the LDA must load the sieve_before 
script. This is out-of-sync currently, because of the upgrade, and hence 
must be re-compiled and its binary form storred there.

One could argue, if:

a) in case of failure the binary should be written somewhere else, e.g. a 
temporary location and re-compiled each time a message arrives, or into 
the user's home dir, or ...
The current way tells the admin, that something is wrong.

b) sieve_before/after scripts chould be textually merged with user's 
scripts and storred as one combined binary in the user's directory.
A change of a global script would impact all user scripts then, a message 
to everyone would require quite a bit CPU.

> Does it seem reasonable to let the port maintainer know to submit a request to include instructions in /usr/ports/UPDATING for recompiling global scripts when necessary (and how to do it)?  I checked before posting to the list and the last entry for sieve is this one:

You could file a bug report in your distro's bug tracking software. If 
these are standard locations - I mean, you did not changed the paths to 
point somewhere else -, the upgrade should recompile shared Sieve scripts.

- -- 
Steffen Kaiser

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEVAwUBVIlrdHz1H7kL/d9rAQLYBAf/bzt+3OLt6f236hd4N8fWOjo6dXJ5Cc5X
EJOHKcyMeHIzVSl2GkM6ckKkfRuIIjmK5DW3h36JhaIx7wh2nQJZnNPj0xCub6hK
4xE/HRoqfpnhW36Z5XvPZc656N8ut+gx0phnHxk11K1iV8kPHQsNy29d9213UWVP
yoVzaVLMBHYBRSMGIpU+10MRiSfFAbBce4mBWZ5Dt0bSUHXs5cDGRnRwH7HAvr6l
k2xeBmLf4oME7Y6/Ja75CWcHnnMlTMCp4J//zfHQnsrV7nFjEMiESU8MH3Z0IXqL
z4t9MVRdGWb17Sa4W22/LdainnxFcSKWR4dGX6bNu6qYLdApKXHzkQ==
=4TlD
-----END PGP SIGNATURE-----


More information about the dovecot mailing list