managesieve user
André Rodier
andre at rodier.me
Sat Mar 28 17:29:52 EET 2020
On Sat, 2020-03-28 at 15:14 +0000, André Rodier wrote:
> Hello,
>
> I am updating dovecot, from Debian Stretch to Buster, and I have an
> issue with the managesieve service:
>
> > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth:
> > connect(login) in directory / failed: Permission denied
> > (euid=120(<getpwuid() error>) egid=128(<getgrgid() error>) missing
> > +x
> > perm: /, we're not in group 127, dir owned by 0:127 mode=0770)
> > Mar 28 15:05:06 mail dovecot[2637]: managesieve-login: Error: auth:
> > connect(login) in directory / failed: Permission denied
> > (euid=120(<unknown>) egid=128(<unknown>) missing +x perm: /, we're
> > not in group 127, dir owned by 0:127 mode=0770)
>
> The two folders I found with these permissions are /run/dovecot/login
> and /run/dovecot/token-login.
> Both folders belongs to root:dovecot
>
> If I change the permissions of the following folders, like this:
>
> chmod 0775 /run/dovecot/login
> chmod 0775 /run/dovecot/token-login
>
> Then, dovecot managesieve is working, but this is just a test, I
> suppose the service should run with a specific user?
>
> Do you have any idea on what is wrong here?
>
> If I restart dovecot, I have an error message that states the
> permissions are wrong, and they are set again to 0770
>
> Thanks,
> André Rodier
>
Hi again,
I can fix it by using this:
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
>
> # Run as an unprivileged user
> group = dovecot
> user = dovecot
> }
>
Is it the right setting in term of security?
Thanks again,
André
More information about the dovecot
mailing list