Basic question about file permissions for sieve error log

Aki Tuomi aki.tuomi at dovecot.fi
Thu Jul 26 14:45:06 EEST 2018



On 24.07.2018 22:58, J Doe wrote:
> Hello,
>
> I have an admittedly very basic question, but I am not able to get it to work.
>
> I store my global sieve script in: /etc/dovecot.  I recently made a mistake in my global sieve script which causes Dovecot to attempt to log the errors in: /etc/dovecot/sieve-global.log
>
> In /var/log/dovecot.log I see:
>
> Jul 24 15:33:32 lmtp(test at example.com): Error: ABVWGAx/V1uKLAAA1B5X9w: sieve: failed to open logfile (LOGGING TO STDERR): open(/etc/dovecot/sieve-global.log) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +w perm: /etc/dovecot, we're not in group 122(dovecot), dir owned by 0:122 mode=0775)
>
> …but the group membership shows:
>
> $ sudo -u vmail groups
> vmail dovecot
>
> …and I restarted Dovecot, but the same error happens.
>
> What am I doing wrong ?
>
> Thanks,
>
> - J

Hi!

Supplemental groups are not automatically added for processes. If you
want to have this, you need to use mail_access_groups setting.

Though, storing log files under /etc is a *bad* idea, you should store
them under /var/log/something instead. How about making /var/log/sieve,
chown that to root:vmail 0770?

Aki


More information about the dovecot mailing list