Problem with Pigeonhole/Sieve

[Steffen Kaiser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 2 May 2017, Kamil Kapturkiewicz wrote:

> 248 is a dovecot, 202 is dovenull, both users are in theirs groups across. If 
> I change ownership of /usr/local/dovecot to dovecot.dovecot, then dovecot is 
> correcting it to root.root for some reason. Does it mean that dovecot should 
> be running as root only?

you do not seem to run a root-less system, see 
https://wiki.dovecot.org/HowTo/Rootless (I never tried it).

> What does it mean / here? is it / in filesystem or it is / for dovecot in 
> /usr/local/dovecot ?

I suppose "/" refers to the login subdir in your base_dir
drwxr-x--- 2 root dovenull 4096 Sep 10  2016 /var/run/dovecot2.2/login//

The login processes seem to chroot there. This dir would match the 
permissions described in the error message and your info that 202 is 
dovenull.

In fact, the login processes are to run as another user (dovenull), if 
you do not run without root at all, in order to increase security by 
separated privilege levels. I would drop the "user = dovecot" lines.

I guess, you need to rephrase the subject in order to catch the attention 
of somebody else. But, what's your intention?

> May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 
> code=kill)
> this was caused by restarting of Dovecot.

I thought the "reload" message reads something different.

> On 02/05/17 09:13, Steffen Kaiser wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> On Mon, 1 May 2017, Kamil Kapturkiewicz wrote:
>> 
>>> Unfortunately I am getting following error in DoveCot log instead:
>>> 
>>> May 01 14:35:41 managesieve-login: Error: auth: connect(login) in 
>>> directory / failed: Permission denied (euid=248(<getpwuid() error>) 
>>> egid=248(<getgrgid() error>) missing +x perm: /, we're not in group 202, 
>>> dir owned by 0:202 mode=0750)
>>> May 01 14:35:41 managesieve-login: Error: auth: connect(login) in 
>>> directory / failed: Permission denied (euid=248(<unknown>) 
>>> egid=248(<unknown>) missing +x perm: /, we're not in group 202, dir owned 
>>> by 0:202 mode=0750)
>> 
>> this error is pretty clear:
>> 
>> Directory "/" cannot be accessed by user 248:248
>> 
>> looks like a chroot'ed environment? Anyway, either:
>> 
>> + the accessing user ID of 248:248 is wrong,
>> + the owning user 0:202 is wrong or
>> + the access permissions should include "chmod o+x /"
>> 
>>> May 01 14:36:00 master: Warning: Killed with signal 15 (by pid=37695 uid=0 
>>> code=kill)
>> 
>> This shouldn't happen.
>> 
>> - -- Steffen Kaiser
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1
>> 
>> iQEVAwUBWQg/rXz1H7kL/d9rAQL9Lwf5AUZX8VE4XX7b5hWWm7CkfcHJCnCuJy37
>> Hfw598Z+dljSAQ8Ki38vRtIKSSN7jVxOqiMPLKLh3+FcVVqOor/tbybDbV8rzhb5
>> u/+vynfvLENtwiEQAQ+4JjGOKQYX8rCU+Vz9Ft2my9ZR4qeUru4bxtduX/NI/GeZ
>> YBnhQHZdX/2iAhW8MLX19aPEm7a82qBwdzv5BeQ3iFq56woYOFj+6peC710aY6uM
>> 6wyURGoO3lvfaTnl4D1n3M6Nw7IuImHVtU1fLnUh8y+Z2Nv5cArxTWOpQFjzsVTS
>> 3dDNchnDXym2xpjYM2IA/GGKAyYdbwSLTyvWGiEq8LtQQhAnnY425w==
>> =sg2z
>> -----END PGP SIGNATURE-----
>

- -- 
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEVAwUBWQlswHz1H7kL/d9rAQIOQQf/W4/PrWAikuEA0nfyaHU+pZNK+HpJFKkw
mz02uCG5mUDw5CaidmgMU2B7z67nw3pa2nSZYpUOdiPwhrS2alAxIV8UtNUFBuog
SYotBvnJmD62NsIeKJ5VQna9lGAB41zEPI5bekzvLWTfo0oic7EmiVIHvYLpBQwb
80PwAaN5hPMZrPwq+1w3EJvOr7jckIwxxlDeQcawHprY2Hq4H8SSmDFgGN+1KwQ0
nW3YqIBrfaYprfRBXz2wgGICuYuF5t5WLShBYR14WybrSrIxW0Yjt+wz8lRP/IlP
OhAqUj+6yU/11ILEUasjVrryZQkLDD6YtpgbDeuF0Rpi3Z11WSTC3g==
=tBJC
-----END PGP SIGNATURE-----